示例#1
/**
 * Collects the account data, global access level and timezone preference
 * for the user with the given id.
 *
 * This function performs no authentication or authorization of its own:
 * $p_username and $p_password are accepted but never read in this body.
 * The caller must already have verified that the requesting account is
 * allowed to retrieve information about the target user.
 *
 * @param mixed $p_username Not read by this function.
 * @param mixed $p_password Not read by this function.
 * @param mixed $p_user_id  Id of the user whose details are returned.
 * @return array Map with the keys 'account_data', 'access_level' and 'timezone'.
 */
function mci_user_get($p_username, $p_password, $p_user_id)
{
    // Per the original author's note, mci_account_get_array_by_id() throws
    // when the user does not exist; it is evaluated first, so the other two
    // lookups only run once that call has returned.
    return array(
        'account_data' => mci_account_get_array_by_id($p_user_id),
        'access_level' => access_get_global_level($p_user_id),
        'timezone' => user_pref_get_pref($p_user_id, 'timezone'),
    );
}
示例#2
/**
 * Raises an error when the current user has reached the configured event
 * limit inside the antispam time window.
 *
 * Intended to run before actions such as adding issues or issue notes.
 * According to the original documentation, the triggered error ends the
 * script. The check is skipped in three cases, evaluated in this order:
 *  - 'allow_signup' is OFF in the global configuration;
 *  - the current user's global access level is above
 *    'default_new_account_access_level';
 *  - 'antispam_max_event_count' is 0.
 *
 * Consequence worth keeping in mind when tuning: only accounts at or below
 * the default new-account level are ever throttled by this function.
 */
function antispam_check()
{
    # No self-signup: nothing to throttle.
    if (config_get_global('allow_signup') == OFF) {
        return;
    }

    # Accounts above the default new-account level are exempt.
    $t_current_level = access_get_global_level();
    $t_new_account_level = config_get('default_new_account_access_level');
    if ($t_current_level > $t_new_account_level) {
        return;
    }

    # A limit of 0 turns the check off.
    $t_event_limit = config_get('antispam_max_event_count');
    if (0 == $t_event_limit) {
        return;
    }

    # The event about to be added is not counted yet, so the user must still
    # be strictly below the limit when this function returns normally.
    $t_window_seconds = config_get('antispam_time_window_in_seconds');
    $t_recent_events = history_count_user_recent_events($t_window_seconds);
    if ($t_recent_events < $t_event_limit) {
        return;
    }

    error_parameters($t_event_limit, $t_window_seconds);
    trigger_error(ERROR_SPAM_SUSPECTED, ERROR);
}
示例#3
/**
 * Resolves the access level a user has on a project.
 *
 * The project-specific level is preferred. When the user is not listed in
 * the project, the global level is used instead, except for private
 * projects, where the global level only counts if it satisfies
 * 'private_project_threshold'; otherwise ANYBODY is returned.
 *
 * Resolution order:
 *  1. no user id and nobody authenticated: ANYBODY;
 *  2. ALL_PROJECTS or an administrator: the global level;
 *  3. a project-specific level exists: that level;
 *  4. public project: the global level;
 *  5. private project: the global level if it meets the threshold,
 *     else ANYBODY.
 *
 * @param int|null $p_project_id project id to check access against, null for the current project
 * @param int|null $p_user_id user id, null for the current user
 * @return int access level the user has on the given project
 * @access public
 */
function access_get_project_level($p_project_id = null, $p_user_id = null)
{
    if (null === $p_user_id) {
        $p_user_id = auth_get_current_user_id();
    }

    # A missing user id without an authenticated session is handled silently.
    /** @todo this may become removable once anonymous login is the default */
    if (empty($p_user_id) && !auth_is_user_authenticated()) {
        return ANYBODY;
    }

    if (null === $p_project_id) {
        $p_project_id = helper_get_current_project();
    }

    $t_global_level = access_get_global_level($p_user_id);

    if (ALL_PROJECTS == $p_project_id || user_is_administrator($p_user_id)) {
        return $t_global_level;
    }

    # Both lookups run before any decision, as in the original flow.
    $t_local_level = access_get_local_level($p_user_id, $p_project_id);
    $t_view_state = project_get_field($p_project_id, 'view_state');

    # A project-specific level was set for this user: it wins.
    if (false !== $t_local_level) {
        return $t_local_level;
    }

    # Not listed in the project, but the project is not private.
    if (VS_PRIVATE != $t_view_state) {
        return $t_global_level;
    }

    # Private project and the user is not listed: the global level only
    # applies when it reaches the private-project threshold.
    $t_private_threshold = config_get('private_project_threshold', null, null, ALL_PROJECTS);

    return access_compare_level($t_global_level, $t_private_threshold)
        ? $t_global_level
        : ANYBODY;
}
示例#4
# Action script for project creation: gates the request, reads the submitted
# fields, creates the project, optionally links it under a parent project and
# renders a success page.
require_api('project_api.php');
require_api('project_hierarchy_api.php');
# Gating happens before any request field is read, in this order: the form
# security token for 'manage_proj_create' (presumably the anti-CSRF check,
# confirm), re-authentication, then the global access threshold configured
# as 'create_project_threshold'. Keep these three calls ahead of the input
# handling below.
form_security_validate('manage_proj_create');
auth_reauthenticate();
access_ensure_global_level(config_get('create_project_threshold'));
# Request fields. name, description, view_state and status are read without
# a default; the remaining fields fall back to the default given here.
$f_name = gpc_get_string('name');
$f_description = gpc_get_string('description');
$f_view_state = gpc_get_int('view_state');
$f_status = gpc_get_int('status');
# NOTE(review): file_path is request-supplied and handed to project_create()
# unchanged further down; confirm that it is validated there.
$f_file_path = gpc_get_string('file_path', '');
$f_inherit_global = gpc_get_bool('inherit_global', 0);
$f_inherit_parent = gpc_get_bool('inherit_parent', 0);
$f_parent_id = gpc_get_int('parent_id', 0);
# A parent id of 0 means no parent. Only the existence of the parent is
# checked in this script.
# NOTE(review): nothing here verifies that the current user may manage the
# parent project; confirm whether that is enforced elsewhere.
if (0 != $f_parent_id) {
    project_ensure_exists($f_parent_id);
}
# Only the name goes through strip_tags(); the description is passed on as
# received, so it has to be escaped wherever it is rendered (confirm).
$t_project_id = project_create(strip_tags($f_name), $f_description, $f_status, $f_view_state, $f_file_path, true, $f_inherit_global);
# A non-administrator who creates a private project is added to it with
# their own global access level.
if ($f_view_state == VS_PRIVATE && false === current_user_is_administrator()) {
    $t_access_level = access_get_global_level();
    $t_current_user_id = auth_get_current_user_id();
    project_add_user($t_project_id, $t_current_user_id, $t_access_level);
}
# Link the new project under the requested parent.
if (0 != $f_parent_id) {
    project_hierarchy_add($t_project_id, $f_parent_id, $f_inherit_parent);
}
event_signal('EVENT_MANAGE_PROJECT_CREATE', array($t_project_id));
# The form security token is purged only after the work above has completed.
form_security_purge('manage_proj_create');
# Success page pointing back to the project management page.
$t_redirect_url = 'manage_proj_page.php';
html_page_top(null, $t_redirect_url);
html_operation_successful($t_redirect_url);
html_page_bottom();
示例#5
<?php

# Worklog listing page: checks the view threshold, opens the page, then
# builds the SQL WHERE clause in $t_where_clausole. The query that consumes
# the clause is not part of the visible lines.
require "worklog_api.php";
# Access gate: the global level must reach the plugin's
# 'worklog_view_threshold' before anything is output.
access_ensure_global_level(plugin_config_get('worklog_view_threshold'));
html_page_top1();
html_page_top2();
# Entries are limited to those whose view_access is at or below the current
# user's global access level.
# NOTE(review): the clause is assembled by string concatenation. Every value
# appended in the visible lines comes from a helper rather than from raw
# request text, but the clause is only safe while each of them is an integer;
# prefer bound parameters where the query is executed.
$minimum_level = access_get_global_level();
$t_where_clausole = "view_access <= {$minimum_level}";
# NOTE(review): with ||, this condition is true unless f_all_user is present
# in BOTH $_POST and $_GET, so the own-entries filter is what almost every
# request gets. If && was intended, add an explicit access check before
# widening the listing to other users' entries.
if (!isset($_POST['f_all_user']) || !isset($_GET['f_all_user'])) {
    // Restrict the listing to the current user's own entries.
    $t_where_clausole .= " and poster_id = " . current_user_get_field("id");
} else {
    # NOTE(review): the test looks at 'f_user_id' but the value is read from
    # 'poster_id', and gpc_get_int() is called without a default. When
    # f_user_id is posted, no poster filter is added at all. Confirm intent.
    if (!isset($_POST['f_user_id'])) {
        // Filter by the poster id taken from the request.
        $t_where_clausole .= " and poster_id = " . gpc_get_int("poster_id");
    }
}
$p_project_id = helper_get_current_project();
if ($p_project_id != 0) {
    // Current project, project 0 and every subproject; with project id 0
    // no project filter is added.
    $t_where_clausole .= " and ((project_id='" . $p_project_id . "' OR project_id=0)";
    $t_project_ids = project_hierarchy_get_subprojects($p_project_id);
    foreach ($t_project_ids as $value) {
        $t_where_clausole .= " or project_id='" . $value . "'";
    }
    # Closes the outer parenthesis opened by the " and ((" fragment above.
    $t_where_clausole .= ")";
}
$f_search = $_POST["f_search"];
if (!isset($f_search)) {
    $f_search = "";