$_POST["task_id"] = $_POST["taskid"];
}
}
if (isset($_REQUEST["task_id"])) {
$_REQUEST["taskid"] = $_REQUEST["task_id"];
} else {
if (isset($_REQUEST["taskid"])) {
$_REQUEST["task_id"] = $_REQUEST["taskid"];
}
}
$db = new Database();
$db->dbOpenFast($conf['database']);
$fs = new Flyspray();
// If version number of database and files do not match, run upgrader
if (Flyspray::base_version($fs->version) != Flyspray::base_version($fs->prefs['fs_ver'])) {
Flyspray::Redirect('setup/upgrade.php');
}
if (is_readable(BASEDIR . '/setup/index.php') && strpos($fs->version, 'dev') === false) {
die('<div style="text-align:center;padding:20px;font-family:sans-serif;font-size:16px;">
<p>If you are upgrading, please <a href="setup/upgrade.php"
style="
margin:2em;
background-color: white;
border: 1px solid #bbb;
border-radius: 4px;
box-shadow: 0 1px 1px #ddd;
color: #565656;
cursor: pointer;
display: inline-block;
font-family: sans-serif;
font-size: 100%;
/**
* Shows an error message
* @param string $error_message if it is an integer, an error message from the language file will be loaded
* @param bool $die enable/disable redirection (if outside the database modification script)
* @param string $advanced_info append a string to the error message
* @param string $url alternate redirection
* @access public static
* @return void
* @version 1.0
* @notes if a success and error happens on the same page, a mixed error message will be shown
* @todo is the if ($die) meant to be inside the else clause?
*/
public static function show_error($error_message, $die = true, $advanced_info = null, $url = null)
{
global $modes, $baseurl;
if (!is_int($error_message)) {
// in modify.inc.php
$_SESSION['ERROR'] = $error_message;
} else {
$_SESSION['ERROR'] = L('error#') . $error_message . ': ' . L('error' . $error_message);
if (!is_null($advanced_info)) {
$_SESSION['ERROR'] .= ' ' . $advanced_info;
}
if ($die) {
Flyspray::Redirect(is_null($url) ? $baseurl : $url);
}
}
}
function action_mass_edit()
{
Flyspray::Redirect(CreateUrl('edit', array('ids' => Req::val('ids'))));
}
public function check_account_ok()
{
global $conf, $baseurl;
// Anon users are always OK
if ($this->isAnon()) {
return;
}
$saltedpass = crypt($this->infos['user_pass'], $conf['general']['cookiesalt']);
if (Cookie::val('flyspray_passhash') !== $saltedpass || !$this->infos['account_enabled'] || !$this->perms('group_open', 0)) {
$this->logout();
Flyspray::Redirect($baseurl);
}
}
// ##################
case 'lostpw.chpass':
// Check that the user submitted both the fields, and they are the same
if (!Post::val('pass1') || strlen(trim(Post::val('magic_url'))) !== 32) {
Flyspray::show_error(L('erroronform'));
break;
}
if (Post::val('pass1') != Post::val('pass2')) {
Flyspray::show_error(L('passnomatch'));
break;
}
$new_pass_hash = Flyspray::cryptPassword(Post::val('pass1'));
$db->Query("UPDATE {users} SET user_pass = ?, magic_url = ''\n WHERE magic_url = ?", array($new_pass_hash, Post::val('magic_url')));
// TODO: Log event in a later version.
$_SESSION['SUCCESS'] = L('passchanged');
Flyspray::Redirect($baseurl);
break;
// ##################
// making a task private
// ##################
// ##################
// making a task private
// ##################
case 'makeprivate':
// TODO: Have to think about this one a bit more. Are project manager
// rights really needed for making a task a private? Are there some
// other conditions that would permit it? Also making it back to public.
if (!$user->perms('manage_project')) {
break;
}
$db->Query('UPDATE {tasks}
define('TEMPLATE_FOLDER', BASEDIR . '/templates/');
require_once OBJECTS_PATH . '/fix.inc.php';
require_once OBJECTS_PATH . '/class.gpc.php';
require_once OBJECTS_PATH . '/class.flyspray.php';
require_once OBJECTS_PATH . '/i18n.inc.php';
require_once OBJECTS_PATH . '/class.tpl.php';
# must be sure no-cache before any possible redirect, we maybe come back later here after composer install stuff.
header("Expires: Tue, 03 Jul 2001 06:00:00 GMT");
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
if (is_readable(APPLICATION_PATH . '/vendor/autoload.php')) {
// Use composer autoloader
require APPLICATION_PATH . '/vendor/autoload.php';
} else {
Flyspray::Redirect('composertest.php');
exit;
}
// no transparent session id improperly configured servers
ini_set('session.use_trans_sid', 0);
session_start();
if (is_readable('../flyspray.conf.php') && count(parse_ini_file('../flyspray.conf.php')) > 0) {
die('<div style="text-align:center;padding:20px;font-family:sans-serif;font-size:16px;">
Flyspray already installed. Use the <a href="upgrade.php"
style="
margin:2em;
background-color: white;
border: 1px solid #bbb;
border-radius: 4px;
box-shadow: 0 1px 1px #ddd;
color: #565656;
if (!$id) {
$id = Req::val('user_id');
}
$theuser = new User($id, $proj);
if ($theuser->isAnon()) {
Flyspray::show_error(5, true, null, $_SESSION['prev_page']);
}
$page->assign('theuser', $theuser);
case 'cat':
case 'editgroup':
// yeah, utterly stupid, is changed in 1.0 already
if (Req::val('area') == 'editgroup') {
$group_details = Flyspray::getGroupDetails(Req::num('id'));
if (!$group_details || $group_details['project_id'] != $proj->id) {
Flyspray::show_error(L('groupnotexist'));
Flyspray::Redirect(CreateURL('pm', 'groups', $proj->id));
}
$page->uses('group_details');
}
case 'groups':
case 'newuser':
case 'newuserbulk':
case 'editallusers':
$page->assign('groups', Flyspray::ListGroups());
case 'userrequest':
$sql = $db->Query("SELECT *\n FROM {admin_requests}\n WHERE request_type = 3 AND project_id = 0 AND resolved_by = 0\n ORDER BY time_submitted ASC");
$page->assign('pendings', $db->fetchAllArray($sql));
case 'newproject':
case 'os':
case 'prefs':
case 'resolution':
ob_start('ob_gzhandler');
} else {
ob_start();
}
$page = new FSTpl();
// make sure people are not attempting to manually fiddle with projects they are not allowed to play with
if (Req::has('project') && Req::val('project') != 0 && !$user->can_view_project(Req::val('project'))) {
Flyspray::show_error(L('nopermission'));
exit;
}
if ($show_task = Get::val('show_task')) {
// If someone used the 'show task' form, redirect them
if (is_numeric($show_task)) {
Flyspray::Redirect(CreateURL('details', $show_task));
} else {
Flyspray::Redirect($baseurl . '?string=' . $show_task);
}
}
if (Flyspray::requestDuplicated()) {
// Check that this page isn't being submitted twice
Flyspray::show_error(3);
}
# handle all forms request that modify data
if (Req::has('action')) {
# enforcing if the form sent the correct anti csrf token
# only allow token by post
if (!Post::has('csrftoken')) {
die('missingtoken');
} elseif (Post::val('csrftoken') == $_SESSION['csrftoken']) {
require_once BASEDIR . '/includes/modify.inc.php';
} else {
}
}
} else {
// Determine if the user should be remembered on this machine
if (Req::has('remember_login')) {
$cookie_time = time() + 60 * 60 * 24 * 30;
// Set cookies for 30 days
} else {
$cookie_time = 0;
// Set cookies to expire when session ends (browser closes)
}
$user = new User($user_id);
// Set a couple of cookies
$passweirded = md5($user->infos['user_pass'] . $conf['general']['cookiesalt']);
Flyspray::setcookie('flyspray_userid', $user->id, $cookie_time);
Flyspray::setcookie('flyspray_passhash', $passweirded, $cookie_time);
// If the user had previously requested a password change, remove the magic url
$remove_magic = $db->Query("UPDATE {users} SET magic_url = '' WHERE user_id = ?", array($user->id));
// Save for displaying
if ($user->infos['login_attempts'] > 0) {
$_SESSION['login_attempts'] = $user->infos['login_attempts'];
}
$db->Query('UPDATE {users} SET login_attempts = 0 WHERE user_id = ?', array($user->id));
$_SESSION['SUCCESS'] = L('loginsuccessful');
}
} else {
// If the user didn't provide both a username and a password, show this error:
Flyspray::show_error(8);
}
Flyspray::Redirect(Req::val('return_to'));
if (version_compare(phpversion(), '5.0.0', '>=')) {
set_error_handler(array('FlysprayDo', 'error'), ini_get('error_reporting'));
} else {
set_error_handler(array('FlysprayDo', 'error'));
}
$page = new FSTpl();
if (Get::val('opensearch')) {
$page->finish('opensearch.tpl');
}
if ($show_task = Get::val('show_task')) {
// If someone used the 'show task' form, redirect them
$task_id = Flyspray::GetTaskId($show_task);
if ($task_id) {
Flyspray::Redirect(CreateURL(array('details', 'task' . $task_id)));
} else {
Flyspray::Redirect(Createurl('index', array('string' => $show_task)));
}
}
if ($proj->id && $user->perms('manage_project')) {
// Find out if there are any PM requests wanting attention
$count = $db->x->GetOne('SELECT COUNT(*) FROM {admin_requests} WHERE project_id = ? AND resolved_by = 0', null, array($proj->id));
$page->assign('pm_pendingreq_num', $count);
}
// Get e-mail addresses of the admins
if ($user->isAnon() && !$fs->prefs['user_notify']) {
$amails = $db->x->getCol('SELECT email_address
FROM {users} u
LEFT JOIN {users_in_groups} g ON u.user_id = g.user_id
WHERE g.group_id = 1');
$amails = array_map(create_function('$x', 'return str_replace("@", "#", $x);'), $amails);
$page->assign('admin_emails', $amails);
function is_accessible()
{
global $user, $baseurl;
if (!$user->can_register() && !$user->can_self_register()) {
Flyspray::Redirect($baseurl);
}
return true;
}
}
$success = false;
if ($username) {
$group_in = $fs->prefs['anon_group'];
$name = $user_details->name ?: $username;
$success = Backend::create_user($username, null, $name, '', $user_details->email, 0, 0, $group_in, 1, $uid, $provider);
}
// username taken or not provided, ask for it
if (!$success) {
$_SESSION['oauth_token'] = serialize($token);
$_SESSION['oauth_provider'] = $provider;
$page->assign('provider', ucfirst($provider));
$page->assign('username', $username);
$page->pushTpl('register.oauth.tpl');
return;
}
}
if (($user_id = Flyspray::checkLogin($user_details->email, null, 'oauth')) < 1) {
Flyspray::show_error(23);
// account disabled
}
$user = new User($user_id);
// Set a couple of cookies
$passweirded = crypt($user->infos['user_pass'], $conf['general']['cookiesalt']);
Flyspray::setCookie('flyspray_userid', $user->id, 0, null, null, null, true);
Flyspray::setCookie('flyspray_passhash', $passweirded, 0, null, null, null, true);
$_SESSION['SUCCESS'] = L('loginsuccessful');
$return_to = $_SESSION['return_to'];
unset($_SESSION['return_to']);
Flyspray::Redirect($return_to);
function error($errno, $errstr = '', $errfile = '', $errline = 0)
{
global $db, $proj, $fs;
$page = new FSTpl();
$page->pushTpl('header.tpl');
$page->assign('do', 'index');
$page->setTheme(isset($proj) ? $proj->prefs['theme_style'] : $fs->prefs['global_theme']);
if (is_array($errno)) {
list($errno, $errstr, $url) = array_pad($errno, 3, '');
} else {
// ignore E_STRICT and @
if (($errno > E_ALL || !ini_get('error_reporting')) && (isset($errstr) && strpos($errstr, 'by reference') === false)) {
return;
}
$errno = ERROR_INTERNAL;
}
if (isset($db) && is_object($db) && $db->inTransaction()) {
$db->rollback();
// if possible, undo database queries
}
switch ($errno) {
case ERROR_INTERNAL:
$page->assign('file', str_replace(BASEDIR . DIRECTORY_SEPARATOR, '', $errfile));
$page->assign('line', $errline);
case ERROR_PERMS:
case ERROR_INPUT:
@ob_clean();
// make sure that previous output is erased
$page->assign('type', $errno);
$page->assign('message', $errstr);
$page->pushTpl('error.tpl');
$page->finish('footer.tpl');
case ERROR_RECOVER:
if ($errstr) {
$_SESSION['ERROR'] = $errstr;
}
if ($url) {
Flyspray::Redirect($url);
}
break;
case SUBMIT_OK:
if ($errstr) {
$_SESSION['SUCCESS'] = $errstr;
}
if ($url) {
Flyspray::Redirect($url);
}
break;
}
}