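/**
 * Report "access denied" to the current user and stop the script.
 *
 * Three cases, decided by the authentication helpers:
 *  - nobody is logged in: redirect to login_page.php with the current page
 *    (script path plus query string) as the return target;
 *  - the anonymous account is logged in: print the error, a login link that
 *    carries the same return target, and a link to main_page.php;
 *  - any other user: print the error and a link to main_page.php.
 * When the current script is login_page.php itself, the first two cases
 * print and redirect nothing (avoids a redirect loop).
 *
 * The return target is built from $_SERVER['SCRIPT_NAME'] instead of
 * $_SERVER['PHP_SELF']: PHP_SELF can include client-supplied PATH_INFO, which
 * would otherwise be reflected into the redirect and the login link.  The
 * value still goes through string_sanitize_url() and string_url().
 *
 * Never returns: ends with exit.
 */
function access_denied()
{
    $t_on_login_page = basename($_SERVER['SCRIPT_NAME']) === 'login_page.php';

    # Return target for the login redirect/link; only needed off the login page.
    $t_return_page = '';
    if (!$t_on_login_page) {
        $t_return_page = $_SERVER['SCRIPT_NAME'];
        if (isset($_SERVER['QUERY_STRING'])) {
            $t_return_page .= '?' . $_SERVER['QUERY_STRING'];
        }
        $t_return_page = string_url(string_sanitize_url($t_return_page));
    }

    if (!auth_is_user_authenticated()) {
        if (!$t_on_login_page) {
            print_header_redirect('login_page.php?return=' . $t_return_page);
        }
    } elseif (auth_get_current_user_id() == user_get_id_by_name(config_get_global('anonymous_account'))) {
        # Loose compare kept on purpose: the two id values are not guaranteed
        # to share a type — TODO confirm against user_get_id_by_name().
        if (!$t_on_login_page) {
            echo '<center>';
            echo '<p>' . error_string(ERROR_ACCESS_DENIED) . '</p>';
            print_bracket_link('login_page.php?return=' . $t_return_page, lang_get('click_to_login'));
            echo '<p></p>';
            print_bracket_link('main_page.php', lang_get('proceed'));
            echo '</center>';
        }
    } else {
        echo '<center>';
        echo '<p>' . error_string(ERROR_ACCESS_DENIED) . '</p>';
        print_bracket_link('main_page.php', lang_get('proceed'));
        echo '</center>';
    }
    exit;
}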
/**
 * Called when the current user tries to open a page they may not see.
 *
 * Not logged in: redirect to login_page.php with the current page as the
 * return target.  Logged in as the anonymous account: print the access
 * denied text with a login link (same return target) and a link to the main
 * page.  Any other user: print the text and the main page link only.
 * Nothing is printed when the current script already is login_page.php.
 *
 * Never returns: ends with exit.
 */
function access_denied()
{
    $t_on_login_page = basename($_SERVER['SCRIPT_NAME']) !== 'login_page.php' ? false : true;
    $t_authenticated = auth_is_user_authenticated();
    $t_anonymous = $t_authenticated && current_user_is_anonymous();

    if (!$t_authenticated || $t_anonymous) {
        if (!$t_on_login_page) {
            # Current script plus its query string, sanitized and URL-encoded
            # for use as the "return" parameter.
            $t_return_page = $_SERVER['SCRIPT_NAME'];
            if (isset($_SERVER['QUERY_STRING'])) {
                $t_return_page .= '?' . $_SERVER['QUERY_STRING'];
            }
            $t_return_page = string_url(string_sanitize_url($t_return_page));

            if (!$t_authenticated) {
                print_header_redirect('login_page.php' . '?return=' . $t_return_page);
            } else {
                echo '<p class="center">' . error_string(ERROR_ACCESS_DENIED) . '</p><p class="center">';
                print_bracket_link(helper_mantis_url('login_page.php') . '?return=' . $t_return_page, lang_get('click_to_login'));
                echo '</p><p class="center">';
                print_bracket_link(helper_mantis_url('main_page.php'), lang_get('proceed'));
                echo '</p>';
            }
        }
    } else {
        echo '<p class="center">' . error_string(ERROR_ACCESS_DENIED) . '</p>';
        echo '<p class="center">';
        print_bracket_link(helper_mantis_url('main_page.php'), lang_get('proceed'));
        echo '</p>';
    }
    exit;
}
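/**
 * Make sure a user is logged in and allowed in.
 *
 * Logged-in user whose account is disabled: redirect to logout_page.php.
 * Nobody logged in: redirect to login_page.php, passing the page to come
 * back to after login in the "return" parameter.
 *
 * @param string $p_return_page Page to come back to after a successful
 *                              login; blank means the current request URI.
 * @access public
 */
function auth_ensure_user_authenticated($p_return_page = '')
{
    if (auth_is_user_authenticated()) {
        # Loose compare is deliberate: OFF is an int constant while the
        # stored field may arrive as a string.  The field lookup also
        # validates the cookie.
        if (OFF == current_user_get_field('enabled')) {
            print_header_redirect('logout_page.php');
        }
        return;
    }

    if (is_blank($p_return_page)) {
        if (!isset($_SERVER['REQUEST_URI'])) {
            # Some SAPIs do not populate REQUEST_URI; rebuild it from the
            # script name.  QUERY_STRING is not guaranteed either, so append
            # it only when present and non-empty — the old code always
            # appended '?' . $_SERVER['QUERY_STRING'], raising an
            # undefined-index notice and leaving a dangling '?'.
            $t_uri = $_SERVER['SCRIPT_NAME'];
            if (isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] !== '') {
                $t_uri .= '?' . $_SERVER['QUERY_STRING'];
            }
            $_SERVER['REQUEST_URI'] = $t_uri;
        }
        $p_return_page = $_SERVER['REQUEST_URI'];
    }

    # NOTE(review): the return target is URL-encoded here but not otherwise
    # validated as a local path; login_page.php is assumed to check it
    # before redirecting — confirm.
    $p_return_page = string_url($p_return_page);
    print_header_redirect('login_page.php?return=' . $p_return_page);
}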
/**
 * Tell the current user they may not view this page, then stop.
 *
 * Not logged in: redirect to login_page.php with the current request URI
 * (URL-encoded) as the return target, unless this already is login_page.php.
 * Logged in: print the access-denied text and a link to main_page.php.
 * Never returns.
 */
function access_denied()
{
    # $_SERVER only became a superglobal in 4.1.0; older runtimes need the import.
    if (!php_version_at_least('4.1.0')) {
        global $_SERVER;
    }

    if (auth_is_user_authenticated()) {
        echo '<center>';
        echo '<p>' . error_string(ERROR_ACCESS_DENIED) . '</p>';
        print_bracket_link('main_page.php', lang_get('proceed'));
        echo '</center>';
        exit;
    }

    if (basename($_SERVER['SCRIPT_NAME']) !== 'login_page.php') {
        if (!isset($_SERVER['REQUEST_URI'])) {
            # Reconstruct the URI for SAPIs that do not provide it.
            $t_query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
            $_SERVER['QUERY_STRING'] = $t_query;
            $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'] . '?' . $t_query;
        }
        print_header_redirect('login_page.php?return=' . string_url($_SERVER['REQUEST_URI']));
    }
    exit;
}
        $f_os_build = gpc_get_string('os_build');
        $f_description = gpc_get_string('description');
        if (profile_is_global($f_profile_id)) {
            access_ensure_global_level(config_get('manage_global_profile_threshold'));
            profile_update(ALL_USERS, $f_profile_id, $f_platform, $f_os, $f_os_build, $f_description);
            form_security_purge('profile_update');
            print_header_redirect('manage_prof_menu_page.php');
        } else {
            profile_update(auth_get_current_user_id(), $f_profile_id, $f_platform, $f_os, $f_os_build, $f_description);
            form_security_purge('profile_update');
            print_header_redirect('account_prof_menu_page.php');
        }
        break;
    case 'delete':
        if (profile_is_global($f_profile_id)) {
            access_ensure_global_level(config_get('manage_global_profile_threshold'));
            profile_delete(ALL_USERS, $f_profile_id);
            form_security_purge('profile_update');
            print_header_redirect('manage_prof_menu_page.php');
        } else {
            profile_delete(auth_get_current_user_id(), $f_profile_id);
            form_security_purge('profile_update');
            print_header_redirect('account_prof_menu_page.php');
        }
        break;
    case 'make_default':
        current_user_set_pref('default_profile', $f_profile_id);
        form_security_purge('profile_update');
        print_header_redirect('account_prof_menu_page.php');
        break;
}
# Writing a project's columns from the manage page needs manager rights there.
if ($f_manage_page && $t_dst_project_id != ALL_PROJECTS) {
    access_ensure_project_level(MANAGER, $t_dst_project_id);
}
# user should only be able to set columns for a project that is accessible.
if ($t_dst_project_id != ALL_PROJECTS) {
    access_ensure_project_level(VIEWER, $t_dst_project_id);
}

# Calculate the user id to set the configuration for: site-wide (NO_USER)
# from the manage page, otherwise the current user.
$t_user_id = $f_manage_page ? NO_USER : auth_get_current_user_id();

$t_all_columns = columns_get_all();
$t_default = null;

# Read all four column lists from the source project first, dropping column
# names that are no longer known ...
$t_view_issues_page_columns = columns_remove_invalid(config_get('view_issues_page_columns', $t_default, $t_user_id, $t_src_project_id), $t_all_columns);
$t_print_issues_page_columns = columns_remove_invalid(config_get('print_issues_page_columns', $t_default, $t_user_id, $t_src_project_id), $t_all_columns);
$t_csv_columns = columns_remove_invalid(config_get('csv_columns', $t_default, $t_user_id, $t_src_project_id), $t_all_columns);
$t_excel_columns = columns_remove_invalid(config_get('excel_columns', $t_default, $t_user_id, $t_src_project_id), $t_all_columns);

# ... then write them all to the destination project.
config_set('view_issues_page_columns', $t_view_issues_page_columns, $t_user_id, $t_dst_project_id);
config_set('print_issues_page_columns', $t_print_issues_page_columns, $t_user_id, $t_dst_project_id);
config_set('csv_columns', $t_csv_columns, $t_user_id, $t_dst_project_id);
config_set('excel_columns', $t_excel_columns, $t_user_id, $t_dst_project_id);

form_security_purge('manage_columns_copy');

print_header_redirect($f_manage_page ? 'manage_config_columns_page.php' : 'account_manage_columns_page.php');
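require_api('authentication_api.php');
require_api('constant_inc.php');
require_api('current_user_api.php');
require_api('gpc_api.php');
require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');
require_api('string_api.php');

auth_ensure_user_authenticated();

# Page to go back to once a project is chosen.  string_sanitize_url() is
# applied on input; string_url() encodes it again when it is put in a URL.
$f_ref = string_sanitize_url(gpc_get_string('ref', ''));

# Exactly one accessible project with no subprojects: there is nothing to
# choose, so go straight to set_project.php.  The project list is fetched
# once (the old code called current_user_get_accessible_projects() twice).
$t_project_ids = current_user_get_accessible_projects();
if (count($t_project_ids) === 1) {
    $t_project_id = (int) $t_project_ids[0];
    if (count(current_user_get_accessible_subprojects($t_project_id)) === 0) {
        $t_ref_urlencoded = string_url($f_ref);
        print_header_redirect("set_project.php?project_id={$t_project_id}&ref={$t_ref_urlencoded}", true);
        /* print_header_redirect terminates script execution */
    }
}

html_page_top(lang_get('select_project_button'));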
?>

<!-- Project Select Form BEGIN -->
<div id="select-project-div" class="form-container">
	<form id="select-project-form" method="post" action="set_project.php">
		<?php 
# CSRF protection not required here - form does not result in modifications
?>
		<fieldset>
			<legend><span><?php 
echo lang_get('choose_project');
require_once 'string_api.php';

news_ensure_enabled();

$f_news_id = gpc_get_int('news_id');
$f_action = gpc_get_string('action', '');

# Delete requests are handled right here and end in a redirect.
if ($f_action === 'delete') {
    form_security_validate('news_delete');
    $row = news_get_row($f_news_id);
    # Orphaned items (bug #3723) have no project to check against, so the
    # threshold test is skipped for them.
    if (project_exists($row['project_id'])) {
        access_ensure_project_level(config_get('manage_news_threshold'), $row['project_id']);
    }
    helper_ensure_confirmed(lang_get('delete_news_sure_msg'), lang_get('delete_news_item_button'));
    news_delete($f_news_id);
    form_security_purge('news_delete');
    print_header_redirect('news_menu_page.php', true);
}

# Expose the row's columns as $v_<column> for the edit form that follows.
$row = news_get_row($f_news_id);
if ($row) {
    extract($row, EXTR_PREFIX_ALL, 'v');
}
# NOTE(review): when $row is empty, $v_project_id is undefined here and the
# access check runs against a null project — confirm news_get_row() cannot
# return an empty row for a bad id.
access_ensure_project_level(config_get('manage_news_threshold'), $v_project_id);

# Escape for the attribute / textarea contexts they are rendered in.
$v_headline = string_attribute($v_headline);
$v_body = string_textarea($v_body);

html_page_top(lang_get('edit_news_title'));
# Edit News Form BEGIN
?>
<br />
<div align="center">
<form method="post" action="news_update.php">
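# $Id: bug_report_page.php,v 1.64.2.1 2007-10-13 22:32:53 giallu Exp $
# --------------------------------------------------------
# This file POSTs data to report_bug.php

$g_allow_browser_cache = 1;

require_once 'core.php';
$t_core_path = config_get('core_path');
require_once $t_core_path . 'file_api.php';
require_once $t_core_path . 'custom_field_api.php';
require_once $t_core_path . 'last_visited_api.php';

# Bug being cloned; 0 when reporting from scratch.
$f_master_bug_id = gpc_get_int('m_id', 0);

# this page is invalid for the 'All Project' selection except if this is a clone
if (ALL_PROJECTS == helper_get_current_project() && 0 == $f_master_bug_id) {
    print_header_redirect('login_select_proj_page.php?ref=bug_report_page.php');
}

if (ADVANCED_ONLY == config_get('show_report')) {
    # The m_id suffix is computed on its own line.  The previous single
    # expression, 'page.php' . (0 == $x) ? '' : '?m_id=' . $x, concatenated
    # the boolean onto the page name before the ternary ran, so the
    # condition was always true and the redirect target was always ''.
    $t_m_id_param = (0 == $f_master_bug_id) ? '' : '?m_id=' . $f_master_bug_id;
    print_header_redirect('bug_report_advanced_page.php' . $t_m_id_param);
}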
if ($f_master_bug_id > 0) {
    # master bug exists...
    bug_ensure_exists($f_master_bug_id);
    # master bug is not read-only...
    if (bug_is_readonly($f_master_bug_id)) {
        error_parameters($f_master_bug_id);
        trigger_error(ERROR_BUG_READ_ONLY_ACTION_DENIED, ERROR);
    }
    $t_bug = bug_prepare_edit(bug_get($f_master_bug_id, true));
    # the user can at least update the master bug (needed to add the relationship)...
    access_ensure_bug_level(config_get('update_bug_threshold', null, $t_bug->project_id), $f_master_bug_id);
    #@@@ (thraxisp) Note that the master bug is cloned into the same project as the master, independent of
    #       what the current project is set to.
    if ($t_bug->project_id != helper_get_current_project()) {
<?php

# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
# Copyright (C) 2002 - 2004  Mantis Team   - mantisbt-dev@lists.sourceforge.net
# This program is distributed under the terms and conditions of the GPL
# See the README and LICENSE files for details
# --------------------------------------------------------
# $Id: logout_page.php,v 1.17 2004/05/30 01:49:31 vboctor Exp $
# --------------------------------------------------------
require_once 'core.php';

# Drop the session state for the current user first.
auth_logout();

# HTTP-auth logins have no cookie of ours to clear; record that a logout is
# pending (presumably so the browser's cached credentials are not silently
# reused on the next request — TODO confirm in auth_http_set_logout_pending).
if (config_get('login_method') == HTTP_AUTH) {
    auth_http_set_logout_pending(true);
}

print_header_redirect(config_get('logout_redirect_page'));
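# strip_tags() removes markup from the name, but it is still user text and
# must be escaped again wherever it is rendered.
$f_query_name = strip_tags(gpc_get_string('query_name'));
$f_is_public = gpc_get_bool('is_public');
$f_all_projects = gpc_get_bool('all_projects');

$t_query_redirect_url = 'query_store_page.php';

# We can't have a blank name.  Each error path now ends with an explicit
# exit; previously only the duplicate-name path did.
if (is_blank($f_query_name)) {
    print_header_redirect($t_query_redirect_url . '?error_msg=' . urlencode(lang_get('query_blank_name')));
    exit;
}

# Check and make sure they don't already have a query with the same name.
# Strict string comparison: the old loose '==' treated numeric-looking names
# such as '1' and '01' as duplicates of each other.
$t_query_arr = filter_db_get_available_queries();
foreach ($t_query_arr as $t_id => $t_name) {
    if ($f_query_name === (string) $t_name) {
        print_header_redirect($t_query_redirect_url . '?error_msg=' . urlencode(lang_get('query_dupe_name')));
        exit;
    }
}

$t_project_id = helper_get_current_project();
if ($f_all_projects) {
    $t_project_id = 0;
}

# The filter to store is the one currently held in the view-all cookie.
$t_filter_string = filter_db_get_filter(gpc_get_cookie(config_get('view_all_cookie'), ''));
$t_new_row_id = filter_db_set_for_current_user($t_project_id, $f_is_public, $f_query_name, $t_filter_string);

# -1 signals that the store failed.
if ((int) $t_new_row_id === -1) {
    print_header_redirect($t_query_redirect_url . '?error_msg=' . urlencode(lang_get('query_store_error')));
    exit;
}
print_header_redirect('view_all_bug_page.php');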
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
/**
 * @package MantisBT
 * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright (C) 2002 - 2013  MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 */
/**
 * MantisBT Core API's
 */
require_once 'core.php';

form_security_validate('manage_user_proj_add');
auth_reauthenticate();

$f_user_id = gpc_get_int('user_id');
$f_access_level = gpc_get_int('access_level');
$f_project_id = gpc_get_int_array('project_id', array());

$t_manage_user_threshold = config_get('manage_user_threshold');

user_ensure_exists($f_user_id);

# A project is touched only when the acting user may manage users in it AND
# holds the requested access level there themselves (presumably so nobody
# can hand out a level above their own).  Other projects are skipped quietly.
foreach ($f_project_id as $t_proj_id) {
    if (!access_has_project_level($t_manage_user_threshold, $t_proj_id)) {
        continue;
    }
    if (access_has_project_level($f_access_level, $t_proj_id)) {
        project_add_user($t_proj_id, $f_user_id, $f_access_level);
    }
}

form_security_purge('manage_user_proj_add');

print_header_redirect('manage_user_edit_page.php?user_id=' . $f_user_id);
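require_api('authentication_api.php');
require_api('config_api.php');
require_api('constant_inc.php');
require_api('gpc_api.php');
require_api('print_api.php');
require_api('user_api.php');

# check if at least one way to get here is enabled
if (OFF == config_get('allow_signup') && OFF == config_get('lost_password_feature') && OFF == config_get('send_reset_password')) {
    trigger_error(ERROR_LOST_PASSWORD_NOT_ENABLED, ERROR);
}

$f_user_id = gpc_get_string('id');
$f_confirm_hash = gpc_get_string('confirm_hash');

# force logout on the current user if already authenticated, then reload
# the page with the same parameters.  Both values are URL-encoded so raw
# request input is not spliced into the Location header.
if (auth_is_user_authenticated()) {
    auth_logout();
    print_header_redirect('verify.php?id=' . urlencode($f_user_id) . '&confirm_hash=' . urlencode($f_confirm_hash));
}

$t_calculated_confirm_hash = auth_generate_confirm_hash($f_user_id);

# Compare as strings, in constant time where hash_equals() is available.
# The former loose '!=' compared numeric-looking strings as numbers, which
# can report two different strings as equal.
if (function_exists('hash_equals')) {
    $t_hash_valid = hash_equals((string) $t_calculated_confirm_hash, (string) $f_confirm_hash);
} else {
    $t_hash_valid = ((string) $t_calculated_confirm_hash === (string) $f_confirm_hash);
}
if (!$t_hash_valid) {
    trigger_error(ERROR_LOST_PASSWORD_CONFIRM_HASH_INVALID, ERROR);
}

# set a temporary cookie so the login information is passed between pages.
auth_set_cookies($f_user_id, false);

user_reset_failed_login_count_to_zero($f_user_id);
user_reset_lost_password_in_progress_count_to_zero($f_user_id);

# fake login so the user can set their password
auth_attempt_script_login(user_get_field($f_user_id, 'username'));
user_increment_login_count($f_user_id);

# Render the account page in verification mode.
define('ACCOUNT_VERIFICATION_INC', true);
include dirname(__FILE__) . '/account_page.php';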
    $client->setAccessToken($_SESSION['access_token']);
}
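if ($client->getAccessToken()) {
    $userData = $objOAuthService->userinfo->get();
    $data['userData'] = $userData;
    $_SESSION['access_token'] = $client->getAccessToken();
}

# Without a valid token $userData was never fetched; refuse the login the
# same way as for an unknown account instead of dereferencing null below.
if (!isset($userData)) {
    echo "<p>Your email didn't to registration on this web site. Please register new account first. ";
    return false;
}

$user_id = user_get_id_by_email($userData->email);

# The three refusals below share one message (presumably so the reply does
# not reveal whether the address is unknown, locked or anonymous — confirm).
# check for disabled account
if (!user_is_enabled($user_id)) {
    echo "<p>Your email didn't to registration on this web site. Please register new account first. ";
    return false;
}
# max. failed login attempts achieved...
if (!user_is_login_request_allowed($user_id)) {
    echo "<p>Your email didn't to registration on this web site. Please register new account first. ";
    return false;
}
# check for anonymous login
if (user_is_anonymous($user_id)) {
    echo "<p>Your email didn't to registration on this web site. Please register new account first. ";
    return false;
}

user_increment_login_count($user_id);
user_reset_failed_login_count_to_zero($user_id);
user_reset_lost_password_in_progress_count_to_zero($user_id);

# set the cookies and tokens for the now-authenticated user
auth_set_cookies($user_id, false);
auth_set_tokens($user_id);

print_header_redirect('../../../my_view_page.php');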
require_once $t_core_path . 'custom_field_api.php';
require_once $t_core_path . 'date_api.php';
require_once $t_core_path . 'last_visited_api.php';
require_once $t_core_path . 'projax_api.php';

$f_bug_id = gpc_get_int('bug_id');

$t_bug = bug_prepare_edit(bug_get($f_bug_id, true));

# Edit in the bug's own project so category/handler lists match it, even
# when the user's current project is a different one.
$t_changed_project = ($t_bug->project_id != helper_get_current_project());
if ($t_changed_project) {
    $g_project_override = $t_bug->project_id;
}

# Installs configured for the simple form only get that page instead.
if (config_get('show_update') == SIMPLE_ONLY) {
    print_header_redirect('bug_update_page.php?bug_id=' . $f_bug_id);
}

# Read-only bugs cannot be updated.
if (bug_is_readonly($f_bug_id)) {
    error_parameters($f_bug_id);
    trigger_error(ERROR_BUG_READ_ONLY_ACTION_DENIED, ERROR);
}

access_ensure_bug_level(config_get('update_bug_threshold'), $f_bug_id);

html_page_top1(bug_format_summary($f_bug_id, SUMMARY_CAPTION));
html_page_top2();

print_recently_visited();
?>

<br />
<form method="post" action="bug_update.php">
<?php 
echo form_security_field('bug_update');
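# check if at least one way to get here is enabled
if ( OFF == config_get( 'allow_signup' ) &&
	OFF == config_get( 'lost_password_feature' ) &&
	OFF == config_get( 'send_reset_password' ) ) {
	trigger_error( ERROR_LOST_PASSWORD_NOT_ENABLED, ERROR );
}

$f_user_id = gpc_get_string('id');
$f_confirm_hash = gpc_get_string('confirm_hash');

# force logout on the current user if already authenticated, then reload
# this page with the same parameters.  Both values are URL-encoded so raw
# request input is not interpolated into the Location header.
if( auth_is_user_authenticated() ) {
	auth_logout();

	$t_id_param = urlencode( $f_user_id );
	$t_hash_param = urlencode( $f_confirm_hash );
	print_header_redirect( "verify.php?id=$t_id_param&confirm_hash=$t_hash_param" );
}

$t_calculated_confirm_hash = auth_generate_confirm_hash( $f_user_id );

# Compare as strings, in constant time where hash_equals() is available.
# The former loose '!=' compared numeric-looking strings as numbers, which
# can report two different strings as equal.
if ( function_exists( 'hash_equals' ) ) {
	$t_hash_valid = hash_equals( (string)$t_calculated_confirm_hash, (string)$f_confirm_hash );
} else {
	$t_hash_valid = ( (string)$t_calculated_confirm_hash === (string)$f_confirm_hash );
}
if ( !$t_hash_valid ) {
	trigger_error( ERROR_LOST_PASSWORD_CONFIRM_HASH_INVALID, ERROR );
}

# set a temporary cookie so the login information is passed between pages.
auth_set_cookies( $f_user_id, false );

user_reset_failed_login_count_to_zero( $f_user_id );
user_reset_lost_password_in_progress_count_to_zero( $f_user_id );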

# fake login so the user can set their password
    if (!is_blank($f_return)) {
        print_header_redirect($f_return, false, false, true);
    } else {
        print_header_redirect(config_get('default_home_page'));
    }
}
# Some logon methods bypass this form entirely: hand the request straight to
# login.php (or login_anon.php when anonymous login is on), carrying the
# return page along.
if (auth_automatic_logon_bypass_form()) {
    $t_uri = (config_get('allow_anonymous_login') == ON) ? 'login_anon.php' : 'login.php';
    if (!is_blank($f_return)) {
        $t_uri .= '?return=' . string_url($f_return);
    }
    print_header_redirect($t_uri);
    exit;
}

# Default for the "secure session" option:
#  - no errors and no cookie: on;
#  - no errors, cookie present: the cookie's value;
#  - errors: whatever was submitted.
if ($t_session_validation) {
    $t_had_error = $f_error || $f_cookie_error;
    if ($t_had_error) {
        $t_default_secure_session = $f_secure_session;
    } elseif (is_null($f_secure_session_cookie)) {
        $t_default_secure_session = true;
    } else {
        $t_default_secure_session = $f_secure_session_cookie;
    }
}

# The username box receives focus by default.
$t_username_field_autofocus = 'autofocus';
                        case 'bug_view_page.php':
                        case 'bug_view_advanced_page.php':
                        case 'bug_update_page.php':
                        case 'bug_change_status_page.php':
                            $t_path = $t_home_page;
                            break;
                        default:
                            $t_path = $t_referrer_page . $t_param;
                            break;
                    }
                    $t_redirect_url = $t_path;
                } else {
                    if ($t_referrer_page == 'plugin.php') {
                        $t_redirect_url = $t_referrer_page . $t_param;
                        # redirect to same plugin page
                    } else {
                        $t_redirect_url = $t_home_page;
                    }
                }
            }
        } else {
            $t_redirect_url = $t_home_page;
        }
    }
}
# Send the user on to the chosen page.  The lines after this are presumably
# only reached when print_header_redirect() returns instead of exiting —
# confirm against its second argument.
print_header_redirect($t_redirect_url, true, true);
html_page_top1();
html_meta_redirect($t_redirect_url);
# NOTE(review): html_page_top1() is called a second time here; looks like a
# duplicated line — confirm whether a second page header is intended.
html_page_top1();
html_operation_successful($t_redirect_url);
html_page_bottom();
 * @uses event_api.php
 * @uses form_api.php
 * @uses gpc_api.php
 * @uses print_api.php
 * @uses project_api.php
 */
require_once 'core.php';
require_api('access_api.php');
require_api('authentication_api.php');
require_api('config_api.php');
require_api('event_api.php');
require_api('form_api.php');
require_api('gpc_api.php');
require_api('print_api.php');
require_api('project_api.php');

# CSRF token first, then a fresh password check for this sensitive action.
form_security_validate('manage_proj_update');
auth_reauthenticate();

# Form fields; optional ones carry their fallback value.
$f_project_id = gpc_get_int('project_id');
$f_name = gpc_get_string('name');
$f_description = gpc_get_string('description');
$f_status = gpc_get_int('status');
$f_view_state = gpc_get_int('view_state');
# NOTE(review): file_path is taken from the form as-is; project_update() is
# assumed to validate it — confirm.
$f_file_path = gpc_get_string('file_path', '');
$f_enabled = gpc_get_bool('enabled');
$f_inherit_global = gpc_get_bool('inherit_global', 0);

# Only users at the configured manage-project threshold may update it.
access_ensure_project_level(config_get('manage_project_threshold'), $f_project_id);

project_update(
    $f_project_id,
    $f_name,
    $f_description,
    $f_status,
    $f_view_state,
    $f_file_path,
    $f_enabled,
    $f_inherit_global
);

event_signal('EVENT_MANAGE_PROJECT_UPDATE', array($f_project_id));

form_security_purge('manage_proj_update');
print_header_redirect('manage_proj_page.php');
#
# You should have received a copy of the GNU General Public License
# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
/**
 * login_anon.php logs a user in anonymously without having to enter a username
 * or password.
 *
 * Depends on two global configuration variables:
 * allow_anonymous_login - bool which must be true to allow anonymous login.
 * anonymous_account - name of account to login with.
 *
 * TODO:
 * Check how manage account is impacted.
 * Might be extended to allow redirects for bug links etc.
 * @package MantisBT
 * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright (C) 2002 - 2014  MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 */
/**
 * MantisBT Core API's
 */
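require_once 'core.php';

$f_return = gpc_get_string('return', '');
$t_anonymous_account = config_get('anonymous_account');

# Hand off to login.php as the anonymous account.  The account name is
# URL-encoded like the return page: a name containing '&', '#' or spaces
# would otherwise break the query string.  The return page is sanitized
# before it is encoded.
$t_login_url = 'login.php?username=' . string_url($t_anonymous_account) . '&perm_login=false';
if ($f_return !== '') {
    $t_login_url .= '&return=' . string_url(string_sanitize_url($f_return));
}
print_header_redirect($t_login_url);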
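form_security_validate('signup');

$f_username = strip_tags(gpc_get_string('username'));
$f_email = strip_tags(gpc_get_string('email'));
$f_captcha = gpc_get_string('captcha', '');

$f_username = trim($f_username);
$f_email = email_append_domain(trim($f_email));
$f_captcha = utf8_strtolower(trim($f_captcha));

# Retrieve captcha key now, as session might get cleared by logout
# NOTE(review): when no key is in the session, $t_form_key is null and the
# expected key below derives from the magic string alone — confirm that a
# missing key is meant to be rejected rather than accepted.
$t_form_key = session_get_int(CAPTCHA_KEY, null);

# force logout on the current user if already authenticated
if (auth_is_user_authenticated()) {
    auth_logout();
}

# Check to see if signup is allowed
if (OFF == config_get_global('allow_signup')) {
    print_header_redirect('login_page.php');
    exit;
}

if (ON == config_get('signup_use_captcha') && get_gd_version() > 0 && helper_call_custom_function('auth_can_change_password', array())) {
    # captcha image requires GD library and related option to ON
    $t_key = utf8_strtolower(utf8_substr(md5(config_get('password_confirm_hash_magic_string') . $t_form_key), 1, 5));
    # Strict string comparison: the former loose '!=' compared
    # numeric-looking strings as numbers, which can report two different
    # strings as equal and so accept a wrong captcha.
    if ($t_key !== (string) $f_captcha) {
        trigger_error(ERROR_SIGNUP_NOT_MATCHING_CAPTCHA, ERROR);
    }
    # Clear captcha cache
    session_delete(CAPTCHA_IMG);
}

email_ensure_not_disposable($f_email);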
# notify the selected group a new user has signed-up
if (user_signup($f_username, $f_email)) {
    email_notify_new_account($f_username, $f_email);
 * @package MantisBT
 * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright (C) 2002 - 2013  MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 */
/**
 * MantisBT Core API's
 */
require_once 'core.php';

form_security_validate('account_delete');
auth_ensure_user_authenticated();
current_user_ensure_unprotected();

# Self-deletion is allowed when allow_account_delete is on, or when the user
# may manage accounts anyway; otherwise bounce back to the account page.
$t_may_delete = (OFF != config_get('allow_account_delete')) || access_has_global_level(config_get('manage_user_threshold'));
if (!$t_may_delete) {
    print_header_redirect('account_page.php');
}

# The last administrator must not remove themselves.
$t_admin_threshold = config_get_global('admin_site_threshold');
if (current_user_is_administrator() && user_count_level($t_admin_threshold) <= 1) {
    trigger_error(ERROR_USER_CHANGE_LAST_ADMIN, ERROR);
}

helper_ensure_confirmed(lang_get('confirm_delete_msg'), lang_get('delete_account_button'));

form_security_purge('account_delete');

# Remember the id, end the session, then remove the account.
$t_user_id = auth_get_current_user_id();
auth_logout();
user_delete($t_user_id);

html_page_top1();
html_page_top2a();
?>
 $t_current_project = helper_get_current_project();
 $t_project_id = gpc_get_int('project_id', $t_current_project);

 # With "all projects" selected, fall back to the user's default project.
 $t_default_project = user_pref_get_pref(auth_get_current_user_id(), 'default_project');
 if ($t_project_id == ALL_PROJECTS && $t_default_project != ALL_PROJECTS) {
     $t_project_id = $t_default_project;
 }

 # Switch to the requested project (if it exists) and reload so the project
 # browser reflects the change.
 # NOTE(review): REQUEST_URI is client-supplied; print_header_redirect() is
 # assumed to restrict it to a local target — confirm its last argument.
 $t_project_ok = ($t_project_id == ALL_PROJECTS || project_exists($t_project_id));
 if ($t_project_ok && $t_project_id != $t_current_project) {
     helper_set_current_project($t_project_id);
     print_header_redirect($_SERVER['REQUEST_URI'], true, false, true);
 }

 # New issues cannot be reported for the 'All Project' selection
 if ($t_current_project == ALL_PROJECTS) {
     print_header_redirect('login_select_proj_page.php?ref=bug_report_page.php');
 }

 access_ensure_project_level(config_get('report_bug_threshold'));

 # Form values, with the defaults that apply when a field is absent.
 $f_build = gpc_get_string('build', '');
 $f_platform = gpc_get_string('platform', '');
 $f_os = gpc_get_string('os', '');
 $f_os_build = gpc_get_string('os_build', '');
 $f_product_version = gpc_get_string('product_version', '');
 $f_target_version = gpc_get_string('target_version', '');
 $f_profile_id = gpc_get_int('profile_id', 0);
 $f_handler_id = gpc_get_int('handler_id', 0);
 $f_category_id = gpc_get_int('category_id', 0);
 # Configured defaults are cast to int before use as the fallback.
 $f_reproducibility = gpc_get_int('reproducibility', intval(config_get('default_bug_reproducibility')));
 $f_eta = gpc_get_int('eta', intval(config_get('default_bug_eta')));
 $f_severity = gpc_get_int('severity', intval(config_get('default_bug_severity')));
 $f_priority = gpc_get_int('priority', intval(config_get('default_bug_priority')));
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# Mantis is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Mantis.  If not, see <http://www.gnu.org/licenses/>.
# --------------------------------------------------------
# $Id: manage_custom_field_proj_add.php,v 1.2.2.1 2007-10-13 22:33:29 giallu Exp $
# --------------------------------------------------------
require_once 'core.php';

form_security_validate('manage_custom_field_proj_add');
auth_reauthenticate();

$f_field_id = gpc_get_int('field_id');
$f_project_id = gpc_get_int_array('project_id', array());
$f_sequence = gpc_get_int('sequence');

$t_manage_project_threshold = config_get('manage_project_threshold');

# Link the field to each selected project the user may manage; projects the
# user cannot manage are skipped quietly rather than rejected.
foreach ($f_project_id as $t_proj_id) {
    if (!access_has_project_level($t_manage_project_threshold, $t_proj_id)) {
        continue;
    }
    if (!custom_field_is_linked($f_field_id, $t_proj_id)) {
        custom_field_link($f_field_id, $t_proj_id);
    }
    custom_field_set_sequence($f_field_id, $t_proj_id, $f_sequence);
}

form_security_purge('manage_custom_field_proj_add');

print_header_redirect('manage_custom_field_edit_page.php?field_id=' . $f_field_id);
/**
 * Report a successful operation and send the user on to $p_redirect_to.
 *
 * When helper_log_to_page() is true, a page is rendered with the
 * "operation successful" message and a bracket link to the target; otherwise
 * an HTTP redirect to the target is issued via print_header_redirect().
 *
 * @param string $p_redirect_to  URL to proceed to.  It is used verbatim both as
 *                               the redirect target and as the link target, so
 *                               callers are responsible for passing a safe,
 *                               application-relative URL.
 * @return void
 */
function print_successful_redirect($p_redirect_to)
{
    # Non-interactive case: plain redirect, nothing is rendered.
    if (!helper_log_to_page()) {
        print_header_redirect($p_redirect_to);
        return;
    }

    # Interactive case: show the confirmation page with a link to continue.
    html_page_top(null, $p_redirect_to);
    echo '<br /><div class="center">';
    echo lang_get('operation_successful') . '<br />';
    print_bracket_link($p_redirect_to, lang_get('proceed'));
    echo '</div>';
    html_page_bottom();
}
# $t_core_path is expected to be defined earlier in this file (not visible here).
require_once $t_core_path . 'date_api.php';
require_once $t_core_path . 'relationship_api.php';
require_once $t_core_path . 'last_visited_api.php';
require_once $t_core_path . 'tag_api.php';

# Request input: the bug to display and whether to show its history.
$f_bug_id = gpc_get_int('bug_id');
$f_history = gpc_get_bool('history', config_get('history_default_visible'));

# Authorization gate: the bug must exist and the current user needs at least
# VIEWER level on it before any bug data is loaded or rendered below.
bug_ensure_exists($f_bug_id);
access_ensure_bug_level(VIEWER, $f_bug_id);

$t_bug = bug_prepare_display(bug_get($f_bug_id, true));

if ($t_bug->project_id != helper_get_current_project()) {
    # in case the current project is not the same project of the bug we are viewing...
    # ... override the current project. This to avoid problems with categories and handlers lists etc.
    # (assigned at file scope, so this is the global $g_project_override)
    $g_project_override = $t_bug->project_id;
}

if (SIMPLE_ONLY == config_get('show_view')) {
    # NOTE(review): nothing after this call is guarded, so presumably
    # print_header_redirect() terminates the script — confirm; otherwise the
    # advanced view below would still be rendered after the Location header.
    print_header_redirect('bug_view_page.php?bug_id=' . $f_bug_id);
}

# Output starts here: compression, then the page header with the bug summary.
compress_enable();
html_page_top1(bug_format_summary($f_bug_id, SUMMARY_CAPTION));
html_page_top2();
print_recently_visited();

# Whether the history section may be shown is a separate, per-bug access check.
$t_access_level_needed = config_get('view_history_threshold');
$t_can_view_history = access_has_bug_level($t_access_level_needed, $f_bug_id);

# Current bug list from the cookie, or false when the cookie is absent.
$t_bugslist = gpc_get_cookie(config_get('bug_list_cookie'), false);
?>

<br />
<table class="width100" cellspacing="1">


<tr>
# Delete the users who have never logged in and are older than 1 week
# ($t_user_table and this page's form/access checks are set up earlier in the
# file, outside the part shown here.)
$days_old = (int)7 * SECONDS_PER_DAY;

# Candidates: accounts with no logins whose creation time equals their last
# visit, created more than $days_old seconds ago.  $days_old is an integer
# computed above (not request input), so interpolating it is safe.
$query = "SELECT id, access_level
		FROM $t_user_table
		WHERE ( login_count = 0 ) AND ( date_created = last_visit ) AND " . db_helper_compare_days( 0, "date_created", "> $days_old" );
# NOTE(review): the single bound value (db_now()) appears to fill the
# placeholder emitted by db_helper_compare_days() — confirm.
$result = db_query_bound($query, Array( db_now() ) );

if ( !$result ) {
	trigger_error( ERROR_GENERIC, ERROR );
}

$count = db_num_rows( $result );

if ( $count > 0 ) {
	# Destructive action: require an explicit confirmation from the user before
	# anything is deleted (presumably this does not return unless confirmed —
	# confirm against helper_ensure_confirmed()).
	helper_ensure_confirmed( lang_get( 'confirm_account_pruning' ),
							 lang_get( 'prune_accounts_button' ) );
}

for ($i=0; $i < $count; $i++) {
	$row = db_fetch_array( $result );
	# Don't prune accounts with a higher global access level than the current user
	# (the current user must themselves hold the candidate's global level).
	if ( access_has_global_level( $row['access_level'] ) ) {
		user_delete($row['id']);
	}
}

# Consume the form token so the request cannot be replayed.
form_security_purge( 'manage_user_prune' );

print_header_redirect( 'manage_user_page.php' );
 */
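# don't auto-login when trying to verify new user
$g_login_anonymous = false;
/**
 * MantisBT Core API's
 */
require_once 'core.php';

# check if at least one way to get here is enabled
# (trigger_error() with ERROR is expected to be handled by the Mantis error
# handler, which stops the script — this code does not rely on a return.)
if (OFF == config_get('allow_signup') && OFF == config_get('lost_password_feature') && OFF == config_get('send_reset_password')) {
    trigger_error(ERROR_LOST_PASSWORD_NOT_ENABLED, ERROR);
}

# Request input: the account being verified and the token that proves the
# caller received the verification link.
$f_user_id = gpc_get_string('id');
$f_confirm_hash = gpc_get_string('confirm_hash');

# force logout on the current user if already authenticated
if (auth_is_user_authenticated()) {
    auth_logout();
    # reload the page after logout.  The request values are URL-encoded so that
    # an unexpected character in either of them cannot break the query string
    # of the Location header.
    print_header_redirect('verify.php?id=' . urlencode($f_user_id) . '&confirm_hash=' . urlencode($f_confirm_hash));
}

$t_calculated_confirm_hash = auth_generate_confirm_hash($f_user_id);

# Compare the supplied token with the expected one using hash_equals(): a
# byte-wise, constant-time comparison.  The former loose `!=` check applied
# PHP's numeric-string comparison rules (e.g. "1e3" == "1000") and leaked
# timing information about the expected value.  Both sides are cast to
# string because hash_equals() only accepts strings.
if (!hash_equals((string) $t_calculated_confirm_hash, (string) $f_confirm_hash)) {
    trigger_error(ERROR_LOST_PASSWORD_CONFIRM_HASH_INVALID, ERROR);
}

# set a temporary cookie so the login information is passed between pages.
auth_set_cookies($f_user_id, false);
user_reset_failed_login_count_to_zero($f_user_id);
user_reset_lost_password_in_progress_count_to_zero($f_user_id);

# fake login so the user can set their password
auth_attempt_script_login(user_get_field($f_user_id, 'username'));
user_increment_login_count($f_user_id);

include dirname(__FILE__) . DIRECTORY_SEPARATOR . 'account_page.php';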
# Free-text search term from the request; false when absent.
$f_search = gpc_get_string(FILTER_PROPERTY_FREE_TEXT, false);
/** @todo need a better default */
$f_offset = gpc_get_int('offset', 0);

# The cookie only carries an id; the filter itself is looked up in the database.
$t_cookie_value_id = gpc_get_cookie(config_get('view_all_cookie'), '');
$t_cookie_value = filter_db_get_filter($t_cookie_value_id);

# Defaults used when no stored filter is available.
$f_highlight_changed = 0;
$f_sort = null;
$f_dir = null;
$t_project_id = 0;

$t_columns = helper_get_columns_to_view(COLUMNS_TARGET_PRINT_PAGE);
$t_num_of_columns = count($t_columns);

# check to see if the cookie exists
if (!is_blank($t_cookie_value)) {
    # check to see if new cookie is needed
    # NOTE(review): nothing after this redirect is guarded; presumably
    # print_header_redirect() terminates the script — confirm.
    if (!filter_is_cookie_valid()) {
        print_header_redirect('view_all_set.php?type=0&print=1');
    }
    # Stored format is assumed to be "<version>#<serialized filter>".
    # NOTE(review): if the stored value contains no '#', index 1 is undefined — confirm
    # the storage format against filter_db_get_filter().
    $t_setting_arr = explode('#', $t_cookie_value, 2);
    # SECURITY(review): the filter is restored with unserialize().  The string
    # comes from the filter table rather than directly from the request, but it
    # presumably originates from user-submitted filter settings, so treat this
    # as deserialisation of externally influenced data: review what
    # filter_db_get_filter() can return and prefer a data-only encoding.
    $t_filter_cookie_arr = unserialize($t_setting_arr[1]);
    # These keys are read without isset(); an older or malformed stored filter
    # that lacks one of them would raise a notice here.
    $f_highlight_changed = $t_filter_cookie_arr[FILTER_PROPERTY_HIGHLIGHT_CHANGED];
    $f_sort = $t_filter_cookie_arr[FILTER_PROPERTY_SORT_FIELD_NAME];
    $f_dir = $t_filter_cookie_arr[FILTER_PROPERTY_SORT_DIRECTION];
    $t_project_id = helper_get_current_project();
}

# This replaces the actual search that used to be here
$f_page_number = gpc_get_int('page_number', 1);
# $t_per_page = -1 presumably means "no paging, all rows" — confirm against
# filter_get_bug_rows(); $t_page_count and $t_bug_count look like by-reference
# outputs of that call.
$t_per_page = -1;
$t_bug_count = null;
$t_page_count = null;
$result = filter_get_bug_rows($f_page_number, $t_per_page, $t_page_count, $t_bug_count);
$row_count = count($result);
 * @uses print_api.php
 * @uses project_api.php
 */
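/**
 * MantisBT Core API's
 */
require_once 'core.php';
require_api('access_api.php');
require_api('authentication_api.php');
require_api('config_api.php');
require_api('form_api.php');
require_api('gpc_api.php');
require_api('print_api.php');
require_api('project_api.php');

# CSRF token for this action must be present and valid; the action also
# requires a fresh login rather than just an existing session.
form_security_validate('manage_proj_user_add');
auth_reauthenticate();

# Request input: target project, the users to add and the level to grant them.
$f_project_id = gpc_get_int('project_id');
$f_user_id = gpc_get_int_array('user_id', array());
$f_access_level = gpc_get_int('access_level');

# We should check both since we are in the project section and an
#  admin might raise the first threshold and not realize they need
#  to raise the second
access_ensure_project_level(config_get('manage_project_threshold'), $f_project_id);
access_ensure_project_level(config_get('project_user_threshold'), $f_project_id);

# The access level to grant comes straight from the request.  Require the
# current user to hold at least that level on this project, so that a user
# who may manage the project cannot grant others a level above their own.
# (project_add_user() may enforce this as well; this makes the page safe on
# its own.)
access_ensure_project_level($f_access_level, $f_project_id);

# Add user(s) to the current project
foreach ($f_user_id as $t_user_id) {
    project_add_user($f_project_id, $t_user_id, $f_access_level);
}

# Consume the form token so the request cannot be replayed, then return to the edit page.
form_security_purge('manage_proj_user_add');
print_header_redirect('manage_proj_edit_page.php?project_id=' . $f_project_id);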