/**
 * Renders a user's display name for the given id.
 *
 * Enabled accounts get their (display-escaped) name; it is wrapped in a link
 * to view_user_page.php only when the *current* user is an administrator.
 * That restriction is a site customisation (WK/BFE, LB/BFE 2015): the
 * original comment spoke of the manage_user_threshold, but the code checks
 * administrator status, so that is what is documented here. Unknown or
 * disabled accounts are rendered struck through. NO_USER yields ''.
 *
 * @param int $p_user_id
 * @return string HTML fragment
 */
function prepare_user_name($p_user_id) {
    # Unassigned handler and similar: nothing to render.
    if ($p_user_id == NO_USER) {
        return '';
    }

    $t_raw_name = user_get_name($p_user_id);
    $t_is_active = user_exists($p_user_id) && user_get_field($p_user_id, 'enabled');
    $t_display = string_display_line($t_raw_name);

    # Disabled / missing accounts: struck-through plain text.
    if (!$t_is_active) {
        return '<font STYLE="text-decoration: line-through">' . $t_display . '</font>';
    }

    # Site customisation: the profile link is exposed to administrators only.
    if (!user_is_administrator(auth_get_current_user_id())) {
        return $t_display;
    }

    $t_url = string_sanitize_url('view_user_page.php?id=' . $p_user_id, true);
    return '<a href="' . $t_url . '">' . $t_display . '</a>';
}
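/**
 * Deletes a planwatch account: removes the user's directory and strips the
 * name from every other user's watchedlist.txt.
 *
 * Allowed only for the account owner or an administrator, and only after
 * the caller's stored credentials are re-checked. On refusal an error page
 * is rendered. Afterwards the caller is logged out when they deleted their
 * own account, otherwise redirected to the front page.
 *
 * Fixes against the original: the username reached `rm -fR` and `grep`
 * unquoted, the watched-list cleanup used a never-assigned $planowner, and
 * the final comparison used a never-assigned $user.
 *
 * @param string $username_to_delete account name from the request
 * @return void
 */
function user_delete($username_to_delete) {
    if (!$username_to_delete) {
        redirect('/');
    }

    $username_to_delete = (string) $username_to_delete;
    $current_user = $_SERVER['USERINFO_ARRAY']['username'];
    $users_dir = $_SERVER['PWUSERS_DIR'];

    // The name becomes a path component and a shell argument below, so it must
    // be a non-empty bare directory name: no separators, no "." / ".." segments.
    // (An empty name would otherwise turn `rm -fR` loose on the whole users dir.)
    $name_is_safe = $username_to_delete !== ''
        && $username_to_delete === basename($username_to_delete)
        && $username_to_delete !== '.'
        && $username_to_delete !== '..';

    $may_delete = ($username_to_delete === $_SERVER['USER'] || user_is_administrator())
        && user_is_valid($current_user, $_SERVER['USERINFO_ARRAY']['userpass']);

    if ($name_is_safe && $may_delete) {
        $userdir = "{$users_dir}/{$username_to_delete}";
        // escapeshellarg(): a crafted name cannot become extra shell arguments.
        exec('rm -fR ' . escapeshellarg($userdir), $delresults);

        // The original shelled out to `grep -rli`; iterating the files in PHP
        // keeps the name out of any shell entirely. stripos() mirrors grep -i.
        foreach (glob("{$users_dir}/*/watchedlist.txt") ?: [] as $watched) {
            $data = file_get_contents($watched);
            if ($data === false || stripos($data, $username_to_delete) === false) {
                continue;
            }
            if (strstr($data, "!{$username_to_delete}")) {
                // "!name...!" display-name form; preg_quote() keeps the name literal in the pattern.
                preg_match('|(!' . preg_quote($username_to_delete, '|') . '.*!)|', $data, $matches);
                $remove = $matches[0] ?? '';
            } else {
                $remove = "\n{$username_to_delete}\n";
            }
            // remove whatever we found
            $data = str_replace($remove, '', $data);
            // break down multiple linebreaks so the list doesn't look weird in the edit view
            $data = str_replace("\n\n", "\n", $data);
            file_put_contents($watched, $data);
        }
    } else {
        // output() presumably renders HTML, so the request-supplied name is escaped.
        $shown = htmlspecialchars($username_to_delete, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        output("Error deleting {$shown}", "\n\t<div class='alert'>\n\tYou can't delete {$shown}. Talk to an\n\t<a href='mailto:help@planwatch.org'>admin</a>.\n\tClick <a href='{$_SERVER['WEB_ROOT']}/'>here</a> to go back to the main page.\n\t</div>\n\t");
    }

    // The original compared against an unassigned $user, so this branch never
    // ran; the logged-in account name is the intended comparand — confirm.
    if ($username_to_delete === $current_user) {
        logout("{$username_to_delete} has been deleted.");
    } else {
        redirect('/');
    }
}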
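/**
 * Prints a <select name="version_id"> listing every version of the given
 * document types that the current user is allowed to see.
 *
 * For each type the version ids for the current project (the project_id
 * request parameter, defaulting to the current project) are looked up; a
 * version is listed when the current user is a member of the version's
 * project or an administrator.
 *
 * @param string[] $types document type names
 * @return void echoes HTML
 */
function print_document_selection($types) {
    $project_id = gpc_get_int('project_id', helper_get_current_project());
    $specmanagement_database_api = new specmanagement_database_api();
    // Hoisted out of the loops: the current user does not change mid-request.
    $user_id = auth_get_current_user_id();
    $is_admin = user_is_administrator($user_id);

    echo '<select name="version_id">';
    foreach ($types as $type) {
        $type_string = string_html_specialchars($type);
        $type_id = $specmanagement_database_api->get_type_id($type);
        foreach (get_version_ids($type_id, $project_id) as $version_id) {
            $version_spec_project_id = version_get_field($version_id, 'project_id');
            if (!$is_admin && !project_includes_user($version_spec_project_id, $user_id)) {
                continue;
            }
            // Version names are free text: escape them the same way as the type
            // name (the original echoed them into the option label unescaped).
            $version_string = string_html_specialchars(version_full_name($version_id));
            echo '<option value="' . (int) $version_id . '">';
            echo $type_string . " - " . $version_string;
            echo '</option>';
        }
    }
    echo '</select>';
}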
/**
 * Builds the navigation link to the whiteboard menu page.
 *
 * The anchor is returned only when the plugin's show_menu option is on and
 * the current user either is an administrator or reaches the access level
 * (record index 2) of at least one registered whiteboard plugin; otherwise
 * null.
 *
 * @return string|null HTML anchor, or null
 */
function menu() {
    if (!plugin_config_get('show_menu')) {
        return null;
    }
    require_once __DIR__ . DIRECTORY_SEPARATOR . 'core' . DIRECTORY_SEPARATOR . 'wmApi.php';

    $projectId = helper_get_current_project();
    $userId = auth_get_current_user_id();
    $userAccessLevel = user_get_access_level($userId, $projectId);

    // First plugin the user qualifies for is enough to show the menu.
    $visible = false;
    foreach (wmApi::getWhiteboardPlugins() as $record) {
        $requiredLevel = $record[2];
        if (user_is_administrator($userId) || $userAccessLevel >= $requiredLevel) {
            $visible = true;
            break;
        }
    }

    return $visible
        ? '<a href="' . plugin_page('whiteboard_menu') . '">' . plugin_lang_get('menu_title') . '</a>'
        : null;
}
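/**
 * Returns the user names for the user directory.
 *
 * Administrators get every account; everyone else only accounts whose
 * userinfo has rlpref=1. The result is served from a cache file under
 * stats/ when that file is younger than twelve hours; otherwise the users
 * directory is scanned and the cache files are rewritten.
 *
 * NOTE(review): the cache read and write names do not match — admins read
 * userlist_all.txt (written below), but non-admins read userlist_public.txt
 * while the scan writes userlist.txt. Left as found; confirm which name is
 * intended before changing it. Also, file() keeps the trailing newline on
 * each cached entry while the scan branch returns bare names.
 *
 * Fixes against the original: the directory listing no longer goes through
 * `exec("ls ...")`, $list_all is initialised (implode() on an undefined
 * variable when there are no users), a missing rlpref no longer emits a
 * notice, and an unreadable cache yields [] instead of false.
 *
 * @return string[] user names
 */
function users_get_list() {
    $list = [];
    $list_all = [];
    $file_root = $_SERVER['FILE_ROOT'];
    $users_dir = $_SERVER['PWUSERS_DIR'];
    $is_admin = user_is_administrator();

    $list_fn = $is_admin
        ? "{$file_root}/stats/userlist_all.txt"
        : "{$file_root}/stats/userlist_public.txt";

    if (file_exists($list_fn) && @filemtime($list_fn) > time() - 3600 * 12) {
        // @ kept from the original: a vanished/unreadable cache just means "no entries".
        return @file($list_fn) ?: [];
    }

    // glob() with GLOB_ONLYDIR matches what `ls -d .../*/` listed, without a shell.
    foreach (glob("{$users_dir}/*", GLOB_ONLYDIR) ?: [] as $listuser) {
        $name = basename($listuser);
        parse_str(user_read_info($name), $tempuser);
        if (($tempuser['rlpref'] ?? null) == 1) {
            $list[] = $name;
        }
        $list_all[] = $name;
    }
    file_put_contents("{$file_root}/stats/userlist.txt", implode("\n", $list));
    file_put_contents("{$file_root}/stats/userlist_all.txt", implode("\n", $list_all));

    return $is_admin ? $list_all : $list;
}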
# manage_user_delete (fragment): the guards that run before an account is
# deleted. They are ordered deliberately: CSRF token, fresh re-authentication,
# caller's global level, then the per-target checks.
form_security_validate('manage_user_delete');
auth_reauthenticate();
# The caller needs at least the manage_user_threshold global level.
access_ensure_global_level( config_get( 'manage_user_threshold' ) );
$f_user_id = gpc_get_int( 'user_id' );
$t_user = user_get_row( $f_user_id );
# Ensure that the account to be deleted is of equal or lower access to the
# current user.
access_ensure_global_level( $t_user['access_level'] );
# check that we are not deleting the last administrator account
$t_admin_threshold = config_get_global( 'admin_site_threshold' );
if ( user_is_administrator( $f_user_id ) && user_count_level( $t_admin_threshold ) <= 1 ) {
    trigger_error( ERROR_USER_CHANGE_LAST_ADMIN, ERROR );
}
# If an administrator is trying to delete their own account, use
# account_delete.php instead as it handles logging out and redirection
# of users who have just deleted their own accounts. The delete form's
# token is purged first so it cannot be reused; the redirect dies.
if ( auth_get_current_user_id() == $f_user_id ) {
    form_security_purge( 'manage_user_delete' );
    print_header_redirect( 'account_delete.php?account_delete_token=' . form_security_token( 'account_delete' ), true, false );
}
# Confirmation page shown before the delete itself (which presumably follows
# this fragment). NOTE(review): $t_user['username'] is concatenated into the
# HTML message as-is; whether helper_ensure_confirmed() escapes it is not
# visible here — confirm.
helper_ensure_confirmed( lang_get( 'delete_account_sure_msg' ) . '<br/>' . lang_get( 'username_label' ) . lang_get( 'word_separator' ) . $t_user['username'], lang_get( 'delete_account_button' ) );
/**
 * Check if the current user has permissions to delete the stored query
 *
 * Administrators may delete any filter; anyone else only a filter row that
 * carries their own user_id and whose project_id is not -1.
 *
 * @param $p_filter_id
 * @return bool
 */
function filter_db_can_delete_filter($p_filter_id) {
    $t_filters_table = db_get_table('filters');
    $c_filter_id = db_prepare_int($p_filter_id);
    $t_user_id = auth_get_current_user_id();

    # Administrators can delete any filter
    if (user_is_administrator($t_user_id)) {
        return true;
    }

    # Ownership check with bound parameters: filter id, current user, -1.
    $t_sql = "SELECT id\n\t\t\t\t FROM {$t_filters_table}\n\t\t\t\t WHERE id=" . db_param()
        . "\n\t\t\t\t AND user_id=" . db_param()
        . "\n\t\t\t\t AND project_id!=" . db_param();
    $t_rows = db_query_bound($t_sql, array($c_filter_id, $t_user_id, -1));

    return db_num_rows($t_rows) > 0;
}
/**
 * Writes a plan entry (journal post, draft promotion, header/footer edit)
 * into the owner's plan directory and runs the follow-up bookkeeping:
 * cache clearing, spiel/send detection, snoop reconciliation, draft
 * cleanup, and finally the response (redirect, re-login, AJAX/blog return).
 *
 * Much of the input is read straight from $_POST / $_FILES rather than from
 * the parameters; the NOTE(review) comments mark the lines where that
 * request data reaches a file path or a shell command.
 *
 * @param string|bool $edit         entry id (".<timestamp>") when editing, falsy for a new entry
 * @param string      $plandata     the entry text as submitted
 * @param string|bool $private      truthy for a private entry; only its truthiness is used here
 *                                  (the file-name suffix itself comes from $_POST['private'])
 * @param bool        $nolinebreaks when true an <!--nolinebreaks--> marker is appended for plan_read_local
 * @param string|bool $writer       plan owner; anyone but an administrator is forced back to their own plan
 * @return string|bool|void $plandata for AJAX posts, ".<timestamp>" for blog posts, FALSE when a blog
 *                          post could not be written; otherwise the function redirects, logs in or exits
 */
function plan_write_journaling($edit, $plandata, $private, $nolinebreaks = FALSE, $writer = FALSE) {
    include_once 'plan_read.php';
    include_once 'snoop.php';
    include_once 'spiel.php';
    include_once 'send.php';
    $planowner = $writer;
    // make sure all the timecodes are the same
    $time = time();
    // find the character encoding of the plan entry, convert it to something
    // more universal
    mb_detect_order("UTF-8, UTF-8, Windows-1252");
    if (mb_detect_encoding($plandata) == "Windows-1252") {
        // NOTE(review): `UTF - 8` and `Windows - 1252` are arithmetic on bare
        // identifiers, not the strings 'UTF-8' / 'Windows-1252'; on PHP 8 an
        // undefined constant is an Error, so this conversion cannot work as written.
        $plandata = mb_convert_encoding($plandata, UTF - 8, Windows - 1252);
    }
    // make sure no one can post an update to someone else's plan
    // this will need to be smarter if we ever implement group plans
    // but probably we won't, so no biggie.
    if ($planowner != $_SERVER['USER'] && !user_is_administrator()) {
        $planowner = $_SERVER['USER'];
    }
    $plan_dir = "{$_SERVER['PWUSERS_DIR']}/{$planowner}/plan";
    // Find the old snoops. We have to masquerade briefly as 'cacheuser' to do
    // this without leaving a spurious snitch or getting private entries.
    // We remain 'cacheuser' until after snoop_add() below.
    // (The literal assigned here is redacted in this copy of the file.)
    $_SERVER['USER'] = '******';
    // find old snoops, for later clearing
    $old_snoop_array = snoop_find(plan_read_local($planowner, $_SERVER['USERINFO_ARRAY']['defaultdays'] + 3 . 'd'), $planowner);
    // delete the (now-invalid) cache files
    cache_clear($planowner);
    // leave a reminder to plan_read_local to ignore linebreaks.
    if ($nolinebreaks) {
        $plandata .= "<!--nolinebreaks-->";
    }
    // NOTE(review): title and tags are embedded in HTML comments unescaped;
    // a "-->" inside either ends the comment early.
    if ($_POST['title']) {
        $plandata .= "<!--title {$_POST['title']} -->";
    }
    if ($_POST['tags']) {
        $plandata .= "<!--tags {$_POST['tags']} -->";
    }
    // if we weren't editing an existing (already-posted) entry, set the filename for the current time.
    if (!$_POST['edit'] || $_POST['edit'] == $_POST['draft_edit']) {
        $_POST['edit'] = ".{$time}";
    }
    // NOTE(review): $_POST['edit'] and $_POST['private'] come straight from
    // the request and are not validated, yet they form $plan_fn — a filesystem
    // path, and (header/footer case below) an unquoted shell argument.
    // Restrict them to the expected shapes (".<digits>", ".p") before use.
    $plan_fn = "{$plan_dir}/plan{$_POST['edit']}.txt{$_POST['private']}";
    if (!file_exists($plan_fn)) {
        file_put_contents("{$_SERVER['PWUSERS_DIR']}/{$planowner}/stats/lastupdate", $time);
    }
    if ($_FILES['attached_file']['tmp_name']) {
        // NOTE(review): the client-supplied file name is the destination path
        // without any sanitising, and rename() is used where move_uploaded_file()
        // is the usual safeguard for uploads.
        rename("{$_FILES['attached_file']['tmp_name']}", "{$_SERVER['USER_ROOT']}/files/{$_FILES['attached_file']['name']}");
        // strstr(): matches the substring anywhere in the name, not just as the extension.
        if (strstr($_FILES['attached_file']['name'], 'jpg') || strstr($_FILES['attached_file']['name'], 'gif') || strstr($_FILES['attached_file']['name'], 'png')) {
            $plandata .= "<img src='/userfiles/view/{$writer}/{$_FILES['attached_file']['name']}' />";
        } else {
            $plandata .= "\n<a href='/userfiles/view/{$writer}/{$_FILES['attached_file']['name']}'>{$_FILES['attached_file']['name']}</a>";
        }
    }
    // else trigger_error("No Files Uploaded");
    // markdown / nofeed markers from the form are appended as submitted.
    $plandata .= $_POST['markdown'];
    $plandata .= $_POST['nofeed'];
    // save old headers and footers.
    if (strstr($plan_fn, 'header') || strstr($plan_fn, 'footer')) {
        // NOTE(review): shell command built from $plan_fn (see above), unquoted;
        // rename() would do the same without a shell.
        exec("mv {$plan_fn} {$plan_fn}.{$time}");
    }
    // write the update to disk.
    file_put_contents($plan_fn, $plandata);
    // new feature: SPIEL
    // here's the part where spiels are found
    // TODO(v4.5): replace spiel syntax with hashtags
    if (!$private && !$edit) {
        spiel_find($plandata, $planowner, $time);
    }
    // here's the part where sends are found
    if (!$private && !$edit) {
        send_find($plandata, $planowner, $time);
    }
    if (file_exists($plan_fn)) {
        // Visibility flipped on an existing entry: park the other variant as rem.*
        // ($edit is the parameter here, not $_POST['edit']).
        if ($private && file_exists("{$plan_dir}/plan{$edit}.txt")) {
            exec("mv {$plan_dir}/plan{$edit}.txt {$plan_dir}/rem.plan{$edit}.txt");
        }
        if (!$private && file_exists("{$plan_dir}/plan{$edit}.txt.p")) {
            exec("mv {$plan_dir}/plan{$edit}.txt.p {$plan_dir}/rem.plan{$edit}.txt.p");
        }
        if ($_POST['draft_edit'] && file_exists("{$plan_dir}/draft{$_POST['draft_edit']}.txt")) {
            unlink("{$plan_dir}/draft{$_POST['draft_edit']}.txt");
        }
        // clean up old drafts (older than seven days)
        if ($drafts = files_list("{$plan_dir}/", "draft*.txt")) {
            foreach ($drafts as $draft) {
                if (filemtime("{$plan_dir}/{$draft}") < time() - 7 * 24 * 3600) {
                    unlink("{$plan_dir}/{$draft}");
                }
            }
        }
    }
    // NOTE(review): 0755 sets the execute bit on a data file; 0644 is probably
    // what was meant — confirm.
    @chmod($plan_fn, 0755);
    // clean old snoops and add new ones
    $new_snoop_array = snoop_find(plan_read_local($planowner), $planowner);
    $snoops_to_remove = array_unique(array_diff($old_snoop_array, $new_snoop_array));
    $snoops_to_set = array_unique(array_diff($new_snoop_array, $old_snoop_array));
    // return values are kept but not used below
    $remove_status = snoop_clean($snoops_to_remove, $planowner);
    $add_status = snoop_add($snoops_to_set, $planowner);
    $_SERVER['USER'] = $_SERVER['USERINFO_ARRAY']['username']; // done masquerading
    // report the good news if we wrote the post to disk.
    if (file_exists($plan_fn)) {
        if ($_SERVER['AJAX_POST']) {
            return $plandata;
        }
        if (!$_SERVER['BLOGPOST']) {
            if ($_COOKIE[$_SERVER['AUTH_COOKIE']]) {
                // unreachable: AJAX posts already returned above
                if ($_SERVER['AJAX_POST']) {
                    return $plandata;
                } else {
                    redirect("/read/{$planowner}");
                }
            } elseif (user_is_valid($_SERVER['USERINFO_ARRAY']['username'], $_SERVER['USERINFO_ARRAY']['userpass'])) {
                if ($_POST['mailpost']) {
                    echo "posted";
                    exit;
                } else {
                    // If the writer's cookie expired while updating, log her back in.
                    login($_SERVER['USERINFO_ARRAY']['username'], $_SERVER['USERINFO_ARRAY']['userpass'], 0, "/read/{$planowner}");
                    exit;
                }
            }
        } else {
            return ".{$time}";
        }
    } else {
        if ($_SERVER['BLOGPOST']) {
            return FALSE;
        } else {
            // NOTE(review): the error page discloses the server-side path in
            // $plan_fn and re-emits $plandata unescaped.
            output('Error Updating', "<div class='alert'>There was an error writing {$_SERVER['USER']}'s plan entry to {$plan_fn} {$edit}. <a href='{$_SERVER['WEB_ROOT']}/feature'>File a bug</a> so we know about this problem. Here's your plan text for safekeeping:<br /><br />{$plandata}</div>", '', ' had an error');
        }
    }
}
/**
 * Prints the whiteboard menu: one item per whiteboard plugin the current
 * user may use.
 *
 * Each record from getWhiteboardPlugins() is read positionally, as this
 * code uses it: [1] plugin name handed to plugin_lang_get(), [2] required
 * access level, [3] show-in-menu flag (1 = show), [4] link target. A " | "
 * separator precedes every item except the record at position 0 — this
 * follows the record position, not the number of items already printed.
 *
 * @return void echoes HTML
 */
public static function printWhiteboardMenu() {
    $projectId = helper_get_current_project();
    $userId = auth_get_current_user_id();
    $userAccessLevel = user_get_access_level($userId, $projectId);
    $records = self::getWhiteboardPlugins();

    echo '<div class="table">';
    for ($position = 0, $total = count($records); $position < $total; $position++) {
        $record = $records[$position];
        $allowed = user_is_administrator($userId) || $userAccessLevel >= $record[2];
        if (!$allowed || $record[3] != 1) {
            continue;
        }
        if ($position > 0) {
            echo '<div class="item"> | </div>';
        }
        echo '<div class="item"><a href="' . $record[4] . '">' . plugin_lang_get('menu_title', $record[1]) . '</a></div>';
    }
    echo '</div>';
}
if (print_test_row('check mssql textsize in php.ini...', ini_get('mssql.textlimit') != 4096, ini_get('mssql.textlimit'))) { print_test_warn_row('check mssql textsize in php.ini...', ini_get('mssql.textsize') == 2147483647, ini_get('mssql.textsize')); } } print_test_row('check variables_order includes GPCS', stristr(ini_get('variables_order'), 'G') && stristr(ini_get('variables_order'), 'P') && stristr(ini_get('variables_order'), 'C') && stristr(ini_get('variables_order'), 'S'), ini_get('variables_order')); test_bug_download_threshold(); test_bug_attachments_allow_flags(); print_test_row('check mail configuration: send_reset_password = ON requires allow_blank_email = OFF', OFF == config_get_global('send_reset_password') || OFF == config_get_global('allow_blank_email')); print_test_row('check mail configuration: send_reset_password = ON requires enable_email_notification = ON', OFF == config_get_global('send_reset_password') || ON == config_get_global('enable_email_notification')); print_test_row('check mail configuration: allow_signup = ON requires enable_email_notification = ON', OFF == config_get_global('allow_signup') || ON == config_get_global('enable_email_notification')); print_test_row('check mail configuration: allow_signup = ON requires send_reset_password = ON', OFF == config_get_global('allow_signup') || ON == config_get_global('send_reset_password')); print_test_row('check language configuration: fallback_language is not \'auto\'', 'auto' != config_get_global('fallback_language')); print_test_row('check configuration: allow_anonymous_login = ON requires anonymous_account to be set', OFF == config_get_global('allow_anonymous_login') || strlen(config_get_global('anonymous_account')) > 0); $t_anon_user = false; print_test_row('check configuration: anonymous_account is a valid username if set', strlen(config_get_global('anonymous_account')) > 0 ? 
($t_anon_user = user_get_id_by_name(config_get_global('anonymous_account'))) !== false : TRUE); print_test_row('check configuration: anonymous_account should not be an administrator', $t_anon_user ? !user_is_administrator($t_anon_user) : TRUE); print_test_row('$g_bug_link_tag is not empty ("' . config_get_global('bug_link_tag') . '")', '' != config_get_global('bug_link_tag')); print_test_row('$g_bugnote_link_tag is not empty ("' . config_get_global('bugnote_link_tag') . '")', '' != config_get_global('bugnote_link_tag')); print_test_row('filters: dhtml_filters = ON requires use_javascript = ON', OFF == config_get_global('dhtml_filters') || ON == config_get_global('use_javascript')); print_test_row('Phpmailer sendmail configuration requires escapeshellcmd. Please use a different phpmailer method if this is blocked.', PHPMAILER_METHOD_SENDMAIL != config_get('phpMailer_method') || PHPMAILER_METHOD_SENDMAIL == config_get('phpMailer_method') && function_exists('escapeshellcmd')); print_test_row('Phpmailer sendmail configuration requires escapeshellarg. Please use a different phpmailer method if this is blocked.', PHPMAILER_METHOD_SENDMAIL != config_get('phpMailer_method') || PHPMAILER_METHOD_SENDMAIL == config_get('phpMailer_method') && function_exists('escapeshellarg')); check_zend_optimiser_version(); if (plugin_is_installed('MantisGraph')) { plugin_push_current('MantisGraph'); print_test_row('checking gd is enabled, and version 2...', get_gd_version() == 2); if (plugin_config_get('eczlibrary', ON) == OFF) { $t_jpgraph_path = config_get('absolute_path') . 'library' . DIRECTORY_SEPARATOR . 'jpgraph' . DIRECTORY_SEPARATOR; if (!file_exists($t_jpgraph_path . 'jpgraph.php')) { print_test_row('checking we can find jpgraph class files...', false); } else { require_once $t_jpgraph_path . 'jpgraph.php';
/**
 * Check if the current user has permissions to delete the stored query
 *
 * Administrators may delete any filter; anyone else only a row that carries
 * their own user_id and whose project_id is not -1.
 *
 * @param integer $p_filter_id Filter id.
 * @return boolean
 */
function filter_db_can_delete_filter($p_filter_id) {
    $c_filter_id = (int) $p_filter_id;
    $t_user_id = auth_get_current_user_id();

    # Administrators can delete any filter
    if (user_is_administrator($t_user_id)) {
        return true;
    }

    # Ownership check with bound parameters: filter id, current user, -1.
    $t_sql = 'SELECT id FROM {filters} WHERE id=' . db_param()
        . ' AND user_id=' . db_param()
        . ' AND project_id!=' . db_param();
    $t_rows = db_query($t_sql, array($c_filter_id, $t_user_id, -1));

    return db_result($t_rows) > 0;
}
$c_username = db_prepare_string($f_username); $c_realname = db_prepare_string($f_realname); $c_protected = db_prepare_bool($f_protected); $c_enabled = db_prepare_bool($f_enabled); $c_user_id = db_prepare_int($f_user_id); $c_access_level = db_prepare_int($f_access_level); $t_user_table = config_get('mantis_user_table'); $t_old_protected = user_get_field($f_user_id, 'protected'); # check that we are not downgrading the last administrator $t_old_access = user_get_field($f_user_id, 'access_level'); if (ADMINISTRATOR == $t_old_access && $t_old_access != $f_access_level && 1 >= user_count_level(ADMINISTRATOR)) { trigger_error(ERROR_USER_CHANGE_LAST_ADMIN, ERROR); } # Project specific access rights override global levels, hence, for users who are changed # to be administrators, we have to remove project specific rights. if ($c_access_level >= ADMINISTRATOR && !user_is_administrator($c_user_id)) { user_delete_project_specific_access_levels($c_user_id); } # if the user is already protected and the admin is not removing the # protected flag then don't update the access level and enabled flag. # If the user was unprotected or the protected flag is being turned off # then proceed with a full update. if ($f_protected && $t_old_protected) { $query = "UPDATE {$t_user_table}\n\t \t\tSET username='******', email='{$c_email}',\n\t \t\t\tprotected='{$c_protected}', realname='{$c_realname}'\n\t \t\tWHERE id='{$c_user_id}'"; } else { $query = "UPDATE {$t_user_table}\n\t \t\tSET username='******', email='{$c_email}',\n\t \t\t\taccess_level='{$c_access_level}', enabled='{$c_enabled}',\n\t \t\t\tprotected='{$c_protected}', realname='{$c_realname}'\n\t \t\tWHERE id='{$c_user_id}'"; } $result = db_query($query); $t_redirect_url = 'manage_user_page.php'; html_page_top1(); if ($result) {
/**
 * Returns true if the currently logged in user has a role of administrator
 * or higher, false otherwise.
 *
 * Thin wrapper: resolves the current user id and defers to user_is_administrator().
 *
 * @return true: administrator; false: otherwise.
 * @access public
 */
function current_user_is_administrator() {
    $t_current_user_id = auth_get_current_user_id();
    return user_is_administrator($t_current_user_id);
}
/**
 * Tells whether the given user is an administrator; an alias for
 * user_is_administrator().
 *
 * @param int $p_user_id user id to check
 * @return bool whatever user_is_administrator() returns for that id
 */
function is_admin_user($p_user_id) {
    $t_is_admin = user_is_administrator($p_user_id);
    return $t_is_admin;
}
/**
 * Builds the reader toolbar (mobile variant) for the plan being read: a
 * <li> list of bio / send / plan / archives / watch / masq / unread links,
 * prefixed by "Last Update" and "Last Action" blocks when known.
 *
 * Page context comes from $_SERVER['URL_ARRAY'] and the $_SERVER['PLANOWNER*']
 * entries. The toolbar is only built for a logged-in reader, a known plan
 * owner, and a $content that is not the "Plan Read Failed" page.
 *
 * @param string $content the rendered plan page, inspected for the failure marker
 * @return string|null toolbar HTML, or null when no toolbar was built
 *                     ($readertoolbar is never initialised)
 */
function output_build_reader_toolbar_mobile($content) {
    // Page kind from the URL. NOTE(review): only one of $is_bio/$is_send/
    // $is_archives/$is_plan is ever assigned; the others are read below as
    // undefined (null) variables.
    if ($_SERVER['URL_ARRAY'][3] == 'bio') {
        $is_bio = TRUE;
    } elseif ($_SERVER['URL_ARRAY'][1] == 'send') {
        $is_send = TRUE;
    } elseif (in_array('archives', $_SERVER['URL_ARRAY'])) {
        $is_archives = TRUE;
    } else {
        $is_plan = TRUE;
    }
    $planwatchlist = file_get_contents("{$_SERVER['USER_ROOT']}/watchedlist.txt");
    // On a send page the owner is the URL's third segment.
    if ($is_send) {
        $_SERVER['PLANOWNER'] = $_SERVER['URL_ARRAY'][2];
        plan_get_owner_info($_SERVER['PLANOWNER']);
    }
    if (user_is_valid($_SERVER['USERINFO_ARRAY']['username'], $_SERVER['USERINFO_ARRAY']['userpass']) && $_SERVER['PLANOWNER'] && !strstr($content, '<h1>Plan Read Failed</h1>')) {
        profile('reader_toolbar', 'begin');
        // NOTE(review): PLANOWNER, PLANOWNER_REAL_LOCATION and PLANOWNER_DISPLAY_NAME
        // are interpolated into href/title attributes and a javascript: URL below
        // without escaping; whether they are validated upstream is not visible here.
        if ($is_plan || $is_bio || $is_archives || $is_send && $_SERVER['URL_ARRAY'][2]) {
            // bio
            // NOTE(review): strpos() is used as a boolean here and below, so a
            // match at offset 0 counts as "not found".
            if ((file_exists("{$_SERVER['PWUSERS_DIR']}/{$_SERVER['PLANOWNER']}/bio.txt") || (strpos($_SERVER['PLANOWNER_REAL_LOCATION'], 'diaryland') || strpos($_SERVER['PLANOWNER_REAL_LOCATION'], 'livejournal'))) && !$is_bio) {
                $readertoolbar[] = "<a href='{$_SERVER['WEB_ROOT']}/read/{$_SERVER['PLANOWNER_REAL_LOCATION']}/bio'>bio</a>";
            }
            // send
            if ((strpos($_SERVER['PLANOWNER_REAL_LOCATION'], 'planworld.net') || strpos($_SERVER['PLANOWNER_REAL_LOCATION'], 'amherst.edu') || plan_is_local($_SERVER['PLANOWNER'])) && $_SERVER['PLANOWNER'] != $_SERVER['USER'] && !$is_send) {
                $send_files = files_list("{$_SERVER['USER_ROOT']}/sends", files_encode_safe_name("{$_SERVER['PLANOWNER']}") . "*");
                // $lastsend is computed here but never emitted.
                if (is_array($send_files)) {
                    $lastsend = formattime(filemtime("{$_SERVER['USER_ROOT']}/sends/" . end($send_files)));
                    if (strstr(end($send_files), '.new')) {
                        $lastsend .= " <b>NEW</b>";
                    }
                    $lastsend = "({$lastsend})";
                }
                $readertoolbar[] = "<a href='{$_SERVER['WEB_ROOT']}/send/{$_SERVER['PLANOWNER_REAL_LOCATION']}/'>send</a>";
            }
            // planread
            if ($is_send || $is_bio) {
                $readertoolbar[] = "<a href='{$_SERVER['WEB_ROOT']}/read/{$_SERVER['PLANOWNER_REAL_LOCATION']}/'>plan</a>";
            }
            // archives
            if (plan_has_archives($_SERVER['PLANOWNER_REAL_LOCATION'])) {
                if (!$is_archives) {
                    $readertoolbar[] = "<a href='{$_SERVER['WEB_ROOT']}/read/{$_SERVER['PLANOWNER']}/archives' >archives</a>";
                } else {
                    $readertoolbar[] = "<a href='{$_SERVER['WEB_ROOT']}/read/{$_SERVER['PLANOWNER']}' >plan</a>";
                }
            }
            // If the reader isn't watching the writer, offer the option.
            // (Substring test: a watched name that merely contains the owner's
            // name also counts as "already watching".)
            if (!stristr($planwatchlist, $_SERVER['PLANOWNER']) && $is_plan) {
                $readertoolbar[] = "<span id='watch_link'><a href=\"javascript:loadXMLDoc('{$_SERVER['WEB_ROOT']}/lists/add_ajax/watched/!{$_SERVER['PLANOWNER_REAL_LOCATION']}:{$_SERVER['PLANOWNER_DISPLAY_NAME']}!',null,'planwatch');void(null);\" title='add {$_SERVER['PLANOWNER_DISPLAY_NAME']} to your watched list' >watch</a></span>";
            }
            // If the writer is neither an external (URL) blog nor the reader
            // themself, offer the masquerade link (administrators only) and
            // the unread links.
            if ($_SERVER['PLANOWNER'] != $_SERVER['USER'] && !strpos($_SERVER['PLANOWNER'], '://')) {
                // offer administrators a link to masquerade as writer
                // this is so it's easy to follow up on plan-reported bugs
                if (user_is_administrator() && file_exists("{$_SERVER['PWUSERS_DIR']}/{$_SERVER['PLANOWNER']}/userinfo.dat")) {
                    $readertoolbar[] = "<a href='{$_SERVER['WEB_ROOT']}/masq/on/{$_SERVER['PLANOWNER']}'>masq</a>";
                }
                if ($is_plan) {
                    $readertoolbar[] = "<a href='/lists/unread/{$_SERVER['PLANOWNER']}'>unread</a>";
                }
                if ($is_send) {
                    $readertoolbar[] = "<a href='/send/{$_SERVER['PLANOWNER']}/unread'>unread</a>";
                }
            }
            // make the links into a string for output.
            $readertoolbar = "<li class='toolbutton'>" . implode("</li><li class='toolbutton'>", $readertoolbar) . "</li>\n";
            $readertoolbar = str_replace("<li class='toolbutton'></li>", "", $readertoolbar);
            // Prepend the data blocks (each one goes in front of what is there).
            if (($lasttime = plan_get_last_update($_SERVER['PLANOWNER'])) && $is_plan) {
                $readertoolbar = "<li class='plan_data_block'>Last Update: " . formattime($lasttime) . "</li>" . $readertoolbar;
            }
            if ($lastlogin = plan_get_last_login($_SERVER['PLANOWNER'])) {
                if ($lastlogin > 1) {
                    $readertoolbar = "<li class='plan_data_block' id='lastaction'>Last Action: " . formattime($lastlogin) . "</li>" . $readertoolbar;
                }
            }
        }
        profile('reader_toolbar', 'end');
    }
    return $readertoolbar;
}
<?php if( !$t_ldap ) { ?> <div class="important-msg"> <?php if ( ( ON == config_get( 'send_reset_password' ) ) && ( ON == config_get( 'enable_email_notification' ) ) ) { echo lang_get( 'reset_password_msg' ); } else { echo lang_get( 'reset_password_msg2' ); } ?> </div> <?php } ?> <!-- PROJECT ACCESS (if permissions allow) and user is not ADMINISTRATOR --> <?php if ( access_has_global_level( config_get( 'manage_user_threshold' ) ) && !user_is_administrator( $t_user_id ) ) { ?> <div class="form-container"> <h2><?php echo lang_get( 'add_user_title' ) ?></h2> <div class="field-container <?php echo helper_alternate_class_no_attribute(); ?>"> <span class="display-label"><span><?php echo lang_get( 'assigned_projects_label' ) ?></span></span> <div class="input"><?php print_project_user_list( $t_user['id'] ) ?></div> <span class="label-style"></span> </div> <form id="manage-user-project-add-form" method="post" action="manage_user_proj_add.php"> <fieldset> <?php echo form_security_field( 'manage_user_proj_add' ) ?> <input type="hidden" name="user_id" value="<?php echo $t_user['id'] ?>" /> <div class="field-container <?php echo helper_alternate_class_no_attribute(); ?>"> <label for="add-user-project-id"><span><?php echo lang_get( 'unassigned_projects_label' ) ?></span></label> <span class="select">
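/**
 * Renders one feature request / bug report stored under FILE_ROOT/features/.
 *
 * A record is a query-string-encoded file (parse_str format) with the
 * fields title, status, priority, time_noticed, submitter, ip, user_agent,
 * note and response. Administrators and the submitter also get an edit link.
 *
 * Fixes against the original: the one-argument parse_str() (removed in
 * PHP 8) is replaced by the array form, file_get_contents() no longer gets
 * 'r' as its use_include_path argument, $content/$real/$response are
 * initialised, the request-supplied name can no longer leave the features
 * directory, and values are HTML-escaped before being embedded.
 *
 * @param string $featurename record name taken from the request URL
 * @return string HTML fragment; an alert box when no such record exists
 */
function displayfeature($featurename = '') {
    $featurename = (string) $featurename;
    $escape = static fn (string $value): string => htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $not_found = "<div class='alert'>We can't find a feature request or bug report by the name <i>{$escape($featurename)}</i>.</div>";

    // The name is a request-supplied path component: accept only a bare file
    // name so "../" cannot reach outside the features directory.
    if ($featurename === '' || $featurename !== basename($featurename) || $featurename === '.' || $featurename === '..') {
        return $not_found;
    }
    $record_fn = "{$_SERVER['FILE_ROOT']}/features/{$featurename}";
    if (!file_exists($record_fn)) {
        return $not_found;
    }
    $raw = file_get_contents($record_fn);
    if ($raw === false) {
        return $not_found;
    }
    parse_str($raw, $fields);

    // Missing fields render empty, as the undefined variables did before.
    // stripslashes() is kept from the original (it was applied to the whole
    // rendered string, which only affects the data); values are then escaped
    // because they are user-submitted and land in an HTML context.
    $field = static fn (string $key) => $escape(stripslashes((string) ($fields[$key] ?? '')));
    $submitter = (string) ($fields['submitter'] ?? '');
    $response = $field('response');
    if ($response === '') {
        $response = 'none yet';
    }

    $content = "\n\t<h1>{$field('title')}</h1>\n\tStatus:\t<b>{$field('status')}</b><br />\n\tPriority: <b>{$field('priority')}</b><br />\n\tTime Noticed: <b>{$field('time_noticed')}</b><br />\n\tSubmitted by: <b>{$field('submitter')}</b><br />\n\tIP: <b>{$field('ip')}</b><br /><br />\n\tBrowser Used: <b>{$field('user_agent')}</b><br /><br />\n\n\t<b>Description:</b><br />\n\t" . nl2br($field('note')) . "\n\t<br /><br />\n\n\t<b>Response:</b><br />\n\t" . nl2br($response) . "\n\t<br /><br />\n";

    if (user_is_administrator() || $_SERVER['USER'] == $submitter) {
        $content .= "\t[ <a href='{$_SERVER['WEB_ROOT']}/feature/edit/{$escape($featurename)}'>edit</a> ]";
    }
    return $content;
}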
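/**
 * Returns the HTML list items for one menu box of the sidebar.
 *
 * Known buttons: "view", "write", "snitch", "tools", "<!--TIME-->" (a
 * placeholder the page renderer presumably substitutes) and "watched".
 * Links are built from $_SERVER['WEB_ROOT'] and $_SERVER['USER'].
 *
 * Fix against the original: $links is initialised, so an unknown button
 * returns '' instead of an undefined variable (null with a warning), and
 * the first `.=` no longer appends to an undefined variable.
 *
 * @param string      $button  menu box to render
 * @param string|bool $content rendered page, used by the "write" box to offer
 *                             "edit recent entries" links when the user reads their own plan
 * @return string HTML fragment ('' for an unknown button)
 */
function menus_populate($button, $content = FALSE) {
    $links = '';
    switch ($button) {
        case "view":
            $links .= "<li>\n<!--\nTHE VIEW MENUBOX\n-->\n\n\t\t<i>read your own plan. you know, in case you forgot.</i></li>\n\n\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/view'>view your plan</a></li>\n\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/read/{$_SERVER['USER']}/bio'>view your bio</a></li>\n";
            if (plan_has_archives($_SERVER['USER'])) {
                $links .= "<li><a href='{$_SERVER['WEB_ROOT']}/read/{$_SERVER['USER']}/archives'>view your archives</a></li>\n";
            }
            if (plan_is_journaling($_SERVER['USER'])) {
                $links .= "<li><hr /><a href='{$_SERVER['WEB_ROOT']}/view/all_hidden'>view your hidden entries</a></li>\n\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/view/all_private'>view your private entries</a></li>\n";
            }
            break;
        case "write":
            $links .= "\n<!--\nTHE WRITE MENUBOX\n-->\n\n\t\t<li><i>write a plan update. you know you want to.</i></li>\n\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/write'>update your plan</a></li>\n\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/write/bio'>edit your bio</a></li>\n";
            if (user_is_administrator()) {
                $links .= "<li><a href='{$_SERVER['WEB_ROOT']}/write/system'>update the system plan</a></li>\n";
            }
            $links .= "<li><hr/>\n</li>\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/write/css'>change plan styles</a></li>\n\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/write/header'>change plan header</a></li>\n\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/write/footer'>change plan footer</a></li>\n";
            if (plan_is_journaling($_SERVER['USER'])) {
                $links .= "<li><a href='{$_SERVER['WEB_ROOT']}/write/divider'>change your divider</a></li>\n";
            }
            $links .= "<li><hr/></li>\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/send'>write a send</a></li>\n";
            // Entry ids are taken from the page's entry_content_<digits> markers,
            // so only digit strings ever reach the links below.
            if ($content && plan_is_journaling($_SERVER['USER']) && strstr($_SERVER['REQUEST_URI'], "/read/{$_SERVER['USER']}")) {
                preg_match_all('|entry_content_([0-9]+)|', $content, $matches);
                $entry_ids = $matches[1];
                if (is_array($entry_ids)) {
                    $links .= "<li><hr/>edit recent entries...</li>\n";
                    foreach ($entry_ids as $entry_id) {
                        $links .= "<li><a href='{$_SERVER['WEB_ROOT']}/write/.{$entry_id}'>" . formattime($entry_id) . "</a></li>\n";
                    }
                }
            }
            break;
        case "snitch":
            $links .= "\n<!--\nTHE SNITCH MENUBOX\n-->\n\n\t\t<li><i>snitch and other s-words.</i></li>\n\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/snitch'>snitch</a></li>\n";
            $links .= "<li><hr/>\n</li>\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/snoop'>snoop</a></li>\n\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/send'>send</a></li>\n";
            break;
        case "tools":
            $links .= "\n<!--\nTHE TOOLS MENUBOX\n-->\n";
            $links .= "<li><i>tools to maintain and customize your account</i></li>";
            $links .= "\n\t\t\t<li><a href='{$_SERVER['WEB_ROOT']}/feature/' title='report a bug or request a feature'>report a bug</a><br/><hr/></li>\n"
                . "<li><a href='{$_SERVER['WEB_ROOT']}/slogans/add' title='add your own pw.o slogan to the random selection'>add a new slogan</a><br/>\n\t\t\t<a href='{$_SERVER['WEB_ROOT']}/smileys/add' title='upload a new smiley for people to use on their plans'>add a new smiley</a><br/>\n\t\t\t<hr/></li>\n"
                . "<li><a href='{$_SERVER['WEB_ROOT']}/lists/edit/allowed' title='change who can read your private entries'>edit your allowed list</a><br/>\n\t\t\t<a href='{$_SERVER['WEB_ROOT']}/lists/edit/blocked' title='change who is prevented from reading you'>edit your blocked list</a><br/>\n\t\t\t<hr/>\n</li>"
                . "<li><a href='{$_SERVER['WEB_ROOT']}/prefs/styles'>customize colors</a></li>\n"
                . "<li><a href='{$_SERVER['WEB_ROOT']}/prefs/fonts'>customize fonts</a></li>\n"
                . "<li><a href='{$_SERVER['WEB_ROOT']}/prefs/custom_css' title='add custom css'>customize css</a></li>\n"
                . "<li><a href='{$_SERVER['WEB_ROOT']}/prefs/skin' title='pick a skin'>pick a skin</a></li>\n"
                . "<li><hr/></li>\n"
                . "<li><a href='{$_SERVER['WEB_ROOT']}/prefs/userinfo'>user settings</a></li>\n"
                . "<li><a href='{$_SERVER['WEB_ROOT']}/prefs/interface'>interface prefs</a></li>\n";
            break;
        case "<!--TIME-->":
            $links .= "<!--LOADTIME-->";
            break;
        case "watched":
            $links .= "\n\t\t\t<li><a href='{$_SERVER['WEB_ROOT']}/lists/edit/watched' title='edit your watched list'>edit</a></li>\n\t\t\t<li class='listheader'>move\n\t\t\t<a href='{$_SERVER['WEB_ROOT']}/lists/move/watched/top'>top</a>\n\t\t\t<a href='{$_SERVER['WEB_ROOT']}/lists/move/watched/left'>left</a>\n\t\t\t<a href='{$_SERVER['WEB_ROOT']}/lists/move/watched/right'>right</a></li>\n\t\t\t<!--<b>move AJAX</b>\n\t\t\t<li><a href=\"javascript:list_move('top');void(null);\">top</a></li>\n\t\t\t<li><a href=\"javascript:list_move('left');void(null);\">left</a></li>\n\t\t\t<li><a href=\"javascript:list_move('right');void(null);\">right</a></li>\n\t\t\t-->\n\t\t\t<li class='listheader'>sort\n\t\t\t<a href=\"javascript:loadXMLDoc('{$_SERVER['WEB_ROOT']}/lists/resort/name/ajax','','planwatch');void(null);\" title='sort alphabetically by name'>abc</a>\n\t\t\t<a href=\"javascript:loadXMLDoc('{$_SERVER['WEB_ROOT']}/lists/resort/time/ajax','','planwatch');void(null);\" title='sort by date and time'>321</a>\n\t\t\t<a href=\"javascript:loadXMLDoc('{$_SERVER['WEB_ROOT']}/lists/resort/inorder/ajax','','planwatch');void(null);\" title='do not sort, use in the order listed'>zfq</a></li>\n\t\t\t<li class='listheader'>status\n\t\t\t<a href='{$_SERVER['WEB_ROOT']}/lists/planwatch_mark_all_read' title='mark all plans as read'>update</a>\n\t\t\t<a href='{$_SERVER['WEB_ROOT']}/lists/planwatch_mark_all_unread' title='mark all plans as unread'>reset</a></li>\n\t\t\t<!--<li><b>lists</b></li>\n\t\t\t<li><a href='{$_SERVER['WEB_ROOT']}/lists/advertised_users' title='advertised users'>advertised users</a> </li>\n\t\t\t<li><a href='{$_SERVER['WEB_ROOT']}/lists/registered_users' title='registered users'>registered users</a></li>-->\n";
            break;
    }
    return $links;
}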
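/**
 * Build and run the bug-list query for a filter and return one page of rows.
 *
 * The filter comes from $p_custom_filter or, when that is null, from the user's
 * cookie / saved filter (current_user_get_bug_filter() / user_get_bug_filter()).
 * It is validated with filter_ensure_valid_filter(), translated into WHERE and
 * JOIN clauses, run once (twice when a text search also has to match bugnotes)
 * to collect the matching bug ids, and finally the requested page of full rows
 * is fetched, sorted and pushed into the bug cache.
 *
 * The filter contents are user-controlled, so every value interpolated into SQL
 * goes through db_prepare_int()/db_prepare_string(), and plain sort fields used
 * as ORDER BY identifiers are restricted to [A-Za-z0-9_].
 *
 * @param int   &$p_page_number  in/out: requested page, clamped to [1, page count]
 * @param int   &$p_per_page     in/out: rows per page; null uses the filter's per_page, -1 means all rows
 * @param int   &$p_page_count   out: number of pages
 * @param int   &$p_bug_count    out: total number of matching bugs
 * @param array $p_custom_filter filter array to use instead of the user's saved filter
 * @param int   $p_project_id    project to query; null uses the current project
 * @param int   $p_user_id       user whose access rights apply; null uses the current user
 * @param bool  $p_show_sticky   when non-null and the filter has sticky_issues on, sticky bugs sort first
 * @return array|false list of bug rows (assoc arrays), or false when no valid filter exists
 */
function filter_get_bug_rows(&$p_page_number, &$p_per_page, &$p_page_count, &$p_bug_count, $p_custom_filter = null, $p_project_id = null, $p_user_id = null, $p_show_sticky = null) {
    $t_bug_table = config_get('mantis_bug_table');
    $t_bug_text_table = config_get('mantis_bug_text_table');
    $t_bugnote_table = config_get('mantis_bugnote_table');
    $t_custom_field_string_table = config_get('mantis_custom_field_string_table');
    $t_bugnote_text_table = config_get('mantis_bugnote_text_table');
    $t_project_table = config_get('mantis_project_table');
    $t_bug_monitor_table = config_get('mantis_bug_monitor_table');
    $t_limit_reporters = config_get('limit_reporters');
    $t_bug_relationship_table = config_get('mantis_bug_relationship_table');

    $t_current_user_id = auth_get_current_user_id();
    if (null === $p_user_id) {
        $t_user_id = $t_current_user_id;
    } else {
        $t_user_id = $p_user_id;
    }
    # $c_user_id is the SQL-safe form of the user id; use it wherever the id is interpolated.
    $c_user_id = db_prepare_int($t_user_id);

    if (null === $p_project_id) {
        $t_project_id = helper_get_current_project();
    } else {
        $t_project_id = $p_project_id;
    }

    if ($p_custom_filter === null) {
        # Prefer current_user_get_bug_filter() over user_get_filter() when applicable since it supports
        # cookies set by previous version of the code.
        if ($t_user_id == $t_current_user_id) {
            $t_filter = current_user_get_bug_filter();
        } else {
            $t_filter = user_get_bug_filter($t_user_id, $t_project_id);
        }
    } else {
        $t_filter = $p_custom_filter;
    }

    $t_filter = filter_ensure_valid_filter($t_filter);
    if (false === $t_filter) {
        return false; # signify a need to create a cookie #@@@ error instead?
    }

    $t_where_clauses = array("{$t_project_table}.enabled = 1", "{$t_project_table}.id = {$t_bug_table}.project_id");
    $t_select_clauses = array("{$t_bug_table}.*");
    $t_join_clauses = array();

    # project selection: restrict to the projects the user may see
    if (ALL_PROJECTS == $t_project_id) {
        if (!user_is_administrator($t_user_id)) {
            $t_topprojects = $t_projects = user_get_accessible_projects($t_user_id);
            foreach ($t_topprojects as $t_project) {
                $t_projects = array_merge($t_projects, user_get_all_accessible_subprojects($t_user_id, $t_project));
            }
            $t_projects = array_unique($t_projects);
            if (0 == count($t_projects)) {
                return array(); # no accessible projects, return an empty array
            }
            if (1 == count($t_projects)) {
                $t_project = $t_projects[0];
                array_push($t_where_clauses, "( {$t_bug_table}.project_id={$t_project} )");
            } else {
                array_push($t_where_clauses, "( {$t_bug_table}.project_id in (" . implode(', ', $t_projects) . ") )");
            }
        }
    } else {
        access_ensure_project_level(VIEWER, $t_project_id, $t_user_id);
        $t_projects = user_get_all_accessible_subprojects($t_user_id, $t_project_id);
        $t_projects[] = $t_project_id;
        $t_projects = array_unique($t_projects);
        if (1 == count($t_projects)) {
            $t_project = $t_projects[0];
            array_push($t_where_clauses, "( {$t_bug_table}.project_id={$t_project} )");
        } else {
            array_push($t_where_clauses, "( {$t_bug_table}.project_id in (" . implode(', ', $t_projects) . ") )");
        }
    }

    # private bug selection: users below private_bug_threshold only see public bugs and their own
    if (!access_has_project_level(config_get('private_bug_threshold'), $t_project_id, $t_user_id)) {
        $t_public = VS_PUBLIC;
        $t_private = VS_PRIVATE;
        switch ($t_filter['view_state']) {
            case VS_PUBLIC:
                array_push($t_where_clauses, "({$t_bug_table}.view_state='{$t_public}')");
                break;
            case VS_PRIVATE:
                array_push($t_where_clauses, "({$t_bug_table}.view_state='{$t_private}' AND {$t_bug_table}.reporter_id='{$c_user_id}')");
                break;
            case META_FILTER_ANY:
            default:
                array_push($t_where_clauses, "({$t_bug_table}.view_state='{$t_public}' OR {$t_bug_table}.reporter_id='{$c_user_id}')");
                break;
        }
    } else {
        $t_view_state = db_prepare_int($t_filter['view_state']);
        if ($t_filter['view_state'] !== META_FILTER_ANY && !is_blank($t_filter['view_state'])) {
            array_push($t_where_clauses, "({$t_bug_table}.view_state='{$t_view_state}')");
        }
    }

    # reporter
    $t_any_found = false;
    foreach ($t_filter['reporter_id'] as $t_filter_member) {
        if (META_FILTER_ANY === $t_filter_member || 0 === $t_filter_member) {
            $t_any_found = true;
        }
    }
    if (count($t_filter['reporter_id']) == 0) {
        $t_any_found = true;
    }
    if (!$t_any_found) {
        $t_clauses = array();
        foreach ($t_filter['reporter_id'] as $t_filter_member) {
            if (META_FILTER_NONE == $t_filter_member) {
                array_push($t_clauses, "0");
            } else {
                $c_reporter_id = db_prepare_int($t_filter_member);
                if (META_FILTER_MYSELF == $c_reporter_id) {
                    array_push($t_clauses, $c_user_id);
                } else {
                    array_push($t_clauses, $c_reporter_id);
                }
            }
        }
        array_push($t_where_clauses, filter_build_in_clause("{$t_bug_table}.reporter_id", $t_clauses));
    }

    # limit reporter
    # @@@ thraxisp - access_has_project_level checks greater than or equal to,
    # this assumed that there aren't any holes above REPORTER where the limit would apply
    #
    if (ON === $t_limit_reporters && !access_has_project_level(REPORTER + 1, $t_project_id, $t_user_id)) {
        $c_reporter_id = $c_user_id;
        array_push($t_where_clauses, "({$t_bug_table}.reporter_id='{$c_reporter_id}')");
    }

    # handler
    $t_any_found = false;
    foreach ($t_filter['handler_id'] as $t_filter_member) {
        if (META_FILTER_ANY === $t_filter_member || 0 === $t_filter_member) {
            $t_any_found = true;
        }
    }
    if (count($t_filter['handler_id']) == 0) {
        $t_any_found = true;
    }
    if (!$t_any_found) {
        $t_clauses = array();
        foreach ($t_filter['handler_id'] as $t_filter_member) {
            if (META_FILTER_NONE == $t_filter_member) {
                array_push($t_clauses, 0);
            } else {
                $c_handler_id = db_prepare_int($t_filter_member);
                if (META_FILTER_MYSELF == $c_handler_id) {
                    array_push($t_clauses, $c_user_id);
                } else {
                    array_push($t_clauses, $c_handler_id);
                }
            }
        }
        array_push($t_where_clauses, filter_build_in_clause("{$t_bug_table}.handler_id", $t_clauses));
    }

    # category
    # The is_numeric() guard keeps a non-numeric category name from loosely comparing equal to META_FILTER_ANY.
    $t_any_found = false;
    foreach ($t_filter['show_category'] as $t_filter_member) {
        if (META_FILTER_ANY == $t_filter_member && is_numeric($t_filter_member)) {
            $t_any_found = true;
        }
    }
    if (count($t_filter['show_category']) == 0) {
        $t_any_found = true;
    }
    if (!$t_any_found) {
        $t_clauses = array();
        foreach ($t_filter['show_category'] as $t_filter_member) {
            $t_filter_member = stripslashes($t_filter_member);
            if (META_FILTER_NONE == $t_filter_member) {
                array_push($t_clauses, "''");
            } else {
                $c_show_category = db_prepare_string($t_filter_member);
                array_push($t_clauses, "'{$c_show_category}'");
            }
        }
        array_push($t_where_clauses, filter_build_in_clause("{$t_bug_table}.category", $t_clauses));
    }

    # severity
    $t_any_found = false;
    foreach ($t_filter['show_severity'] as $t_filter_member) {
        if (META_FILTER_ANY == $t_filter_member || 0 === $t_filter_member) {
            $t_any_found = true;
        }
    }
    if (count($t_filter['show_severity']) == 0) {
        $t_any_found = true;
    }
    if (!$t_any_found) {
        $t_clauses = array();
        foreach ($t_filter['show_severity'] as $t_filter_member) {
            $c_show_severity = db_prepare_int($t_filter_member);
            array_push($t_clauses, $c_show_severity);
        }
        array_push($t_where_clauses, filter_build_in_clause("{$t_bug_table}.severity", $t_clauses));
    }

    # show / hide status
    # take a list of all available statuses then remove the ones that we want hidden, then make sure
    # the ones we want shown are still available
    $t_status_arr = explode_enum_string(config_get('status_enum_string'));
    $t_available_statuses = array();
    $t_desired_statuses = array();
    foreach ($t_status_arr as $t_this_status) {
        $t_this_status_arr = explode_enum_arr($t_this_status);
        $t_available_statuses[] = $t_this_status_arr[0];
    }
    if ('simple' == $t_filter['_view_type']) {
        # simple filtering: if showing any, restrict by the hide status value, otherwise ignore the hide
        $t_any_found = false;
        $t_this_status = $t_filter['show_status'][0];
        $t_this_hide_status = $t_filter['hide_status'][0];
        if (META_FILTER_ANY == $t_this_status || is_blank($t_this_status) || 0 === $t_this_status) {
            $t_any_found = true;
        }
        if ($t_any_found) {
            # keep every status strictly below the hide value
            foreach ($t_available_statuses as $t_this_available_status) {
                if ($t_this_hide_status > $t_this_available_status) {
                    $t_desired_statuses[] = $t_this_available_status;
                }
            }
        } else {
            $t_desired_statuses[] = $t_this_status;
        }
    } else {
        # advanced filtering: ignore the hide
        $t_any_found = false;
        foreach ($t_filter['show_status'] as $t_this_status) {
            $t_desired_statuses[] = $t_this_status;
            if (META_FILTER_ANY == $t_this_status || is_blank($t_this_status) || 0 === $t_this_status) {
                $t_any_found = true;
            }
        }
        if ($t_any_found) {
            $t_desired_statuses = array();
        }
    }
    if (count($t_desired_statuses) > 0) {
        $t_clauses = array();
        foreach ($t_desired_statuses as $t_filter_member) {
            $c_show_status = db_prepare_int($t_filter_member);
            array_push($t_clauses, $c_show_status);
        }
        array_push($t_where_clauses, filter_build_in_clause("{$t_bug_table}.status", $t_clauses));
    }

    # resolution
    $t_any_found = false;
    foreach ($t_filter['show_resolution'] as $t_filter_member) {
        if (META_FILTER_ANY == $t_filter_member) {
            $t_any_found = true;
        }
    }
    if (count($t_filter['show_resolution']) == 0) {
        $t_any_found = true;
    }
    if (!$t_any_found) {
        $t_clauses = array();
        foreach ($t_filter['show_resolution'] as $t_filter_member) {
            $c_show_resolution = db_prepare_int($t_filter_member);
            array_push($t_clauses, $c_show_resolution);
        }
        array_push($t_where_clauses, filter_build_in_clause("{$t_bug_table}.resolution", $t_clauses));
    }

    # priority
    $t_any_found = false;
    foreach ($t_filter['show_priority'] as $t_filter_member) {
        if (META_FILTER_ANY == $t_filter_member || 0 === $t_filter_member) {
            $t_any_found = true;
        }
    }
    if (count($t_filter['show_priority']) == 0) {
        $t_any_found = true;
    }
    if (!$t_any_found) {
        $t_clauses = array();
        foreach ($t_filter['show_priority'] as $t_filter_member) {
            $c_show_priority = db_prepare_int($t_filter_member);
            array_push($t_clauses, $c_show_priority);
        }
        array_push($t_where_clauses, filter_build_in_clause("{$t_bug_table}.priority", $t_clauses));
    }

    # product build
    $t_any_found = false;
    foreach ($t_filter['show_build'] as $t_filter_member) {
        if (META_FILTER_ANY == $t_filter_member && is_numeric($t_filter_member)) {
            $t_any_found = true;
        }
    }
    if (count($t_filter['show_build']) == 0) {
        $t_any_found = true;
    }
    if (!$t_any_found) {
        $t_clauses = array();
        foreach ($t_filter['show_build'] as $t_filter_member) {
            $t_filter_member = stripslashes($t_filter_member);
            if (META_FILTER_NONE == $t_filter_member) {
                array_push($t_clauses, "''");
            } else {
                $c_show_build = db_prepare_string($t_filter_member);
                array_push($t_clauses, "'{$c_show_build}'");
            }
        }
        array_push($t_where_clauses, filter_build_in_clause("{$t_bug_table}.build", $t_clauses));
    }

    # product version
    $t_any_found = false;
    foreach ($t_filter['show_version'] as $t_filter_member) {
        if (META_FILTER_ANY == $t_filter_member && is_numeric($t_filter_member)) {
            $t_any_found = true;
        }
    }
    if (count($t_filter['show_version']) == 0) {
        $t_any_found = true;
    }
    if (!$t_any_found) {
        $t_clauses = array();
        foreach ($t_filter['show_version'] as $t_filter_member) {
            $t_filter_member = stripslashes($t_filter_member);
            if (META_FILTER_NONE == $t_filter_member) {
                array_push($t_clauses, "''");
            } else {
                $c_show_version = db_prepare_string($t_filter_member);
                array_push($t_clauses, "'{$c_show_version}'");
            }
        }
        array_push($t_where_clauses, filter_build_in_clause("{$t_bug_table}.version", $t_clauses));
    }

    # profile
    $t_any_found = false;
    foreach ($t_filter['show_profile'] as $t_filter_member) {
        if (META_FILTER_ANY == $t_filter_member && is_numeric($t_filter_member)) {
            $t_any_found = true;
        }
    }
    if (count($t_filter['show_profile']) == 0) {
        $t_any_found = true;
    }
    if (!$t_any_found) {
        $t_clauses = array();
        foreach ($t_filter['show_profile'] as $t_filter_member) {
            $t_filter_member = stripslashes($t_filter_member);
            if (META_FILTER_NONE == $t_filter_member) {
                array_push($t_clauses, "0");
            } else {
                $c_show_profile = db_prepare_int($t_filter_member);
                array_push($t_clauses, "{$c_show_profile}");
            }
        }
        array_push($t_where_clauses, filter_build_in_clause("{$t_bug_table}.profile_id", $t_clauses));
    }

    # date filter: only applied when every date component is numeric
    if ('on' == $t_filter['do_filter_by_date'] && is_numeric($t_filter['start_month']) && is_numeric($t_filter['start_day']) && is_numeric($t_filter['start_year']) && is_numeric($t_filter['end_month']) && is_numeric($t_filter['end_day']) && is_numeric($t_filter['end_year'])) {
        $t_start_string = db_prepare_string($t_filter['start_year'] . "-" . $t_filter['start_month'] . "-" . $t_filter['start_day'] . " 00:00:00");
        $t_end_string = db_prepare_string($t_filter['end_year'] . "-" . $t_filter['end_month'] . "-" . $t_filter['end_day'] . " 23:59:59");
        array_push($t_where_clauses, "({$t_bug_table}.date_submitted BETWEEN '{$t_start_string}' AND '{$t_end_string}' )");
    }

    # fixed in version
    $t_any_found = false;
    foreach ($t_filter['fixed_in_version'] as $t_filter_member) {
        if (META_FILTER_ANY == $t_filter_member && is_numeric($t_filter_member)) {
            $t_any_found = true;
        }
    }
    if (count($t_filter['fixed_in_version']) == 0) {
        $t_any_found = true;
    }
    if (!$t_any_found) {
        $t_clauses = array();
        foreach ($t_filter['fixed_in_version'] as $t_filter_member) {
            $t_filter_member = stripslashes($t_filter_member);
            if (META_FILTER_NONE == $t_filter_member) {
                array_push($t_clauses, "''");
            } else {
                $c_fixed_in_version = db_prepare_string($t_filter_member);
                array_push($t_clauses, "'{$c_fixed_in_version}'");
            }
        }
        array_push($t_where_clauses, filter_build_in_clause("{$t_bug_table}.fixed_in_version", $t_clauses));
    }

    # users monitoring a bug
    $t_any_found = false;
    foreach ($t_filter['user_monitor'] as $t_filter_member) {
        if (META_FILTER_ANY == $t_filter_member || 0 === $t_filter_member) {
            $t_any_found = true;
        }
    }
    if (count($t_filter['user_monitor']) == 0) {
        $t_any_found = true;
    }
    if (!$t_any_found) {
        $t_clauses = array();
        $t_table_name = 'user_monitor';
        array_push($t_join_clauses, "LEFT JOIN {$t_bug_monitor_table} {$t_table_name} ON {$t_table_name}.bug_id = {$t_bug_table}.id");
        foreach ($t_filter['user_monitor'] as $t_filter_member) {
            $c_user_monitor = db_prepare_int($t_filter_member);
            if (META_FILTER_MYSELF == $c_user_monitor) {
                array_push($t_clauses, $c_user_id);
            } else {
                array_push($t_clauses, $c_user_monitor);
            }
        }
        array_push($t_where_clauses, filter_build_in_clause("{$t_table_name}.user_id", $t_clauses));
    }

    # bug relationship
    # Both values are interpolated into SQL below, so they are int-prepared first.
    $t_any_found = false;
    $c_rel_type = db_prepare_int($t_filter['relationship_type']);
    $c_rel_bug = db_prepare_int($t_filter['relationship_bug']);
    if (-1 == $c_rel_type || 0 == $c_rel_bug) {
        $t_any_found = true;
    }
    if (!$t_any_found) {
        # use the complementary type
        $c_rel_type = relationship_get_complementary_type($c_rel_type);
        $t_clauses = array();
        $t_table_name = 'relationship';
        array_push($t_join_clauses, "LEFT JOIN {$t_bug_relationship_table} {$t_table_name} ON {$t_table_name}.destination_bug_id = {$t_bug_table}.id");
        // get reverse relationships
        if ($c_rel_type == 1) {
            array_push($t_join_clauses, "LEFT JOIN {$t_bug_relationship_table} {$t_table_name}" . "2 ON {$t_table_name}" . "2.source_bug_id = {$t_bug_table}.id");
        }
        array_push($t_clauses, "({$t_table_name}.relationship_type='{$c_rel_type}' AND {$t_table_name}.source_bug_id='{$c_rel_bug}')");
        // get reverse relationships
        if ($c_rel_type == 1) {
            array_push($t_clauses, "({$t_table_name}" . "2.relationship_type='{$c_rel_type}' AND {$t_table_name}" . "2.destination_bug_id='{$c_rel_bug}')");
        }
        array_push($t_where_clauses, '(' . implode(' OR ', $t_clauses) . ')');
    }

    # custom field filters
    if (ON == config_get('filter_by_custom_fields')) {
        # custom field filtering
        $t_custom_fields = custom_field_get_linked_ids($t_project_id);
        foreach ($t_custom_fields as $t_cfid) {
            $t_first_time = true;
            $t_custom_where_clause = '';
            # Ignore all custom filters that are not set, or that are set to '' or "any"
            $t_any_found = false;
            if (!isset($t_filter['custom_fields'][$t_cfid])) {
                $t_any_found = true;
            } else {
                foreach ($t_filter['custom_fields'][$t_cfid] as $t_filter_member) {
                    if (META_FILTER_ANY == $t_filter_member && is_numeric($t_filter_member)) {
                        $t_any_found = true;
                    }
                }
            }
            if (!$t_any_found) {
                $t_def = custom_field_get_definition($t_cfid);
                $t_table_name = $t_custom_field_string_table . '_' . $t_cfid;
                # We need to filter each joined table or the result query will explode in dimensions
                # Each custom field will result in a exponential growth like Number_of_Issues^Number_of_Custom_Fields
                # and only after this process ends (if it is able to) the result query will be filtered
                # by the WHERE clause and by the DISTINCT clause
                $t_cf_join_clause = "LEFT JOIN {$t_custom_field_string_table} {$t_table_name} ON {$t_table_name}.bug_id = {$t_bug_table}.id AND {$t_table_name}.field_id = {$t_cfid} ";
                if ($t_def['type'] == CUSTOM_FIELD_TYPE_DATE) {
                    # Date bounds ([1] = from, [2] = to) are user-supplied timestamps; int-prepare them before interpolation.
                    switch ($t_filter['custom_fields'][$t_cfid][0]) {
                        case CUSTOM_FIELD_DATE_ANY:
                            break;
                        case CUSTOM_FIELD_DATE_NONE:
                            array_push($t_join_clauses, $t_cf_join_clause);
                            $t_custom_where_clause = '(( ' . $t_table_name . '.bug_id is null) OR ( ' . $t_table_name . '.value = 0)';
                            break;
                        case CUSTOM_FIELD_DATE_BEFORE:
                            array_push($t_join_clauses, $t_cf_join_clause);
                            $t_custom_where_clause = '(( ' . $t_table_name . '.value != 0 AND (' . $t_table_name . '.value+0) < ' . db_prepare_int($t_filter['custom_fields'][$t_cfid][2]) . ')';
                            break;
                        case CUSTOM_FIELD_DATE_AFTER:
                            array_push($t_join_clauses, $t_cf_join_clause);
                            $t_custom_where_clause = '(( ' . $t_table_name . '.field_id = ' . $t_cfid . ' AND (' . $t_table_name . '.value+0) > ' . (db_prepare_int($t_filter['custom_fields'][$t_cfid][1]) + 1) . ')';
                            break;
                        default:
                            array_push($t_join_clauses, $t_cf_join_clause);
                            $t_custom_where_clause = '(( ' . $t_table_name . '.field_id = ' . $t_cfid . ' AND (' . $t_table_name . '.value+0) BETWEEN ' . db_prepare_int($t_filter['custom_fields'][$t_cfid][1]) . ' AND ' . db_prepare_int($t_filter['custom_fields'][$t_cfid][2]) . ')';
                            break;
                    }
                } else {
                    array_push($t_join_clauses, $t_cf_join_clause);
                    foreach ($t_filter['custom_fields'][$t_cfid] as $t_filter_member) {
                        $t_filter_member = stripslashes($t_filter_member);
                        if (META_FILTER_NONE === $t_filter_member) {
                            # coerce filter value if selecting META_FILTER_NONE
                            $t_filter_member = '';
                        }
                        if ($t_first_time) {
                            $t_first_time = false;
                            $t_custom_where_clause = '(';
                        } else {
                            $t_custom_where_clause .= ' OR ';
                        }
                        $t_custom_where_clause .= "{$t_table_name}.value ";
                        # multi-valued fields are stored as |a|b|c|, hence the LIKE '%|value|%' match
                        switch ($t_def['type']) {
                            case CUSTOM_FIELD_TYPE_MULTILIST:
                            case CUSTOM_FIELD_TYPE_CHECKBOX:
                                $t_custom_where_clause .= "LIKE '%|";
                                $t_custom_where_clause_closing = "|%'";
                                break;
                            default:
                                $t_custom_where_clause .= "= '";
                                $t_custom_where_clause_closing = "'";
                        }
                        $t_custom_where_clause .= db_prepare_string($t_filter_member);
                        $t_custom_where_clause .= $t_custom_where_clause_closing;
                    }
                }
                if (!is_blank($t_custom_where_clause)) {
                    array_push($t_where_clauses, $t_custom_where_clause . ')');
                }
            }
        }
    }

    $t_textsearch_where_clause = '';
    $t_textsearch_wherejoin_clause = '';
    # Simple Text Search - Thanks to Alan Knowles
    # NOTE(review): '%' and '_' in the search term act as LIKE wildcards; db_prepare_string() does not neutralise them.
    if (!is_blank($t_filter['search'])) {
        $c_search = db_prepare_string($t_filter['search']);
        $c_search_int = db_prepare_int($t_filter['search']);
        $t_textsearch_where_clause = "((summary LIKE '%{$c_search}%')\n\t\t\t\t\t\t\t OR ({$t_bug_text_table}.description LIKE '%{$c_search}%')\n\t\t\t\t\t\t\t OR ({$t_bug_text_table}.steps_to_reproduce LIKE '%{$c_search}%')\n\t\t\t\t\t\t\t OR ({$t_bug_text_table}.additional_information LIKE '%{$c_search}%')\n\t\t\t\t\t\t\t OR ({$t_bug_table}.id = '{$c_search_int}'))";
        $t_textsearch_wherejoin_clause = "((summary LIKE '%{$c_search}%')\n\t\t\t\t\t\t\t OR ({$t_bug_text_table}.description LIKE '%{$c_search}%')\n\t\t\t\t\t\t\t OR ({$t_bug_text_table}.steps_to_reproduce LIKE '%{$c_search}%')\n\t\t\t\t\t\t\t OR ({$t_bug_text_table}.additional_information LIKE '%{$c_search}%')\n\t\t\t\t\t\t\t OR ({$t_bug_table}.id LIKE '%{$c_search}%')\n\t\t\t\t\t\t\t OR ({$t_bugnote_text_table}.note LIKE '%{$c_search}%'))";
        array_push($t_where_clauses, "({$t_bug_text_table}.id = {$t_bug_table}.bug_text_id)");
        $t_from_clauses = array($t_bug_text_table, $t_project_table, $t_bug_table);
    } else {
        $t_from_clauses = array($t_project_table, $t_bug_table);
    }

    # Joined tables (monitor, relationship, custom fields) live in $t_join_clauses; the FROM list is only the base tables.
    $t_from = 'FROM ' . implode(', ', array_unique($t_from_clauses));
    $t_join = implode(' ', $t_join_clauses);
    if (count($t_where_clauses) > 0) {
        $t_where = 'WHERE ' . implode(' AND ', $t_where_clauses);
    } else {
        $t_where = '';
    }

    # Possibly do two passes. First time, grab the IDs of issues that match the filters. Second time, grab the IDs of issues that
    # have bugnotes that match the text search if necessary.
    $t_id_array = array();
    for ($i = 0; $i < 2; $i++) {
        $t_id_where = $t_where;
        $t_id_join = $t_join;
        if ($i == 0) {
            if (!is_blank($t_id_where) && !is_blank($t_textsearch_where_clause)) {
                $t_id_where = $t_id_where . ' AND ' . $t_textsearch_where_clause;
            }
        } else {
            if (!is_blank($t_textsearch_wherejoin_clause)) {
                $t_id_where = $t_id_where . ' AND ' . $t_textsearch_wherejoin_clause;
                $t_id_join = $t_id_join . " INNER JOIN {$t_bugnote_table} ON {$t_bugnote_table}.bug_id = {$t_bug_table}.id";
                $t_id_join = $t_id_join . " INNER JOIN {$t_bugnote_text_table} ON {$t_bugnote_text_table}.id = {$t_bugnote_table}.bugnote_text_id";
            }
        }
        $query = "SELECT DISTINCT {$t_bug_table}.id AS id\n\t\t\t\t\t\t{$t_from}\n\t\t\t\t\t\t{$t_id_join}\n\t\t\t\t\t\t{$t_id_where}";
        # the second pass only runs when there is a text search to match against bugnotes
        if ($i == 0 || !is_blank($t_textsearch_wherejoin_clause)) {
            $result = db_query($query);
            $row_count = db_num_rows($result);
            for ($j = 0; $j < $row_count; $j++) {
                $row = db_fetch_array($result);
                $t_id_array[] = db_prepare_int($row['id']);
            }
        }
    }
    $t_id_array = array_unique($t_id_array);
    if (count($t_id_array) > 0) {
        $t_where = "WHERE {$t_bug_table}.id in (" . implode(", ", $t_id_array) . ")";
    } else {
        $t_where = "WHERE 1 != 1";
    }
    $t_from = 'FROM ' . $t_bug_table;

    # Get the total number of bugs that meet the criteria.
    $bug_count = count($t_id_array);
    # write the value back in case the caller wants to know
    $p_bug_count = $bug_count;

    if (null === $p_per_page) {
        $p_per_page = (int) $t_filter['per_page'];
    } else {
        if (-1 == $p_per_page) {
            $p_per_page = $bug_count;
        }
    }
    # Guard against silly values of $f_per_page.
    if (0 == $p_per_page) {
        $p_per_page = 1;
    }
    $p_per_page = (int) abs($p_per_page);

    # Use $bug_count and $p_per_page to determine how many pages
    # to split this list up into.
    # For the sake of consistency have at least one page, even if it
    # is empty.
    $t_page_count = ceil($bug_count / $p_per_page);
    if ($t_page_count < 1) {
        $t_page_count = 1;
    }
    # write the value back in case the caller wants to know
    $p_page_count = $t_page_count;

    # Make sure $p_page_number isn't past the last page.
    if ($p_page_number > $t_page_count) {
        $p_page_number = $t_page_count;
    }
    # Make sure $p_page_number isn't before the first page
    if ($p_page_number < 1) {
        $p_page_number = 1;
    }

    # Now add the rest of the criteria i.e. sorting, limit.
    # if sort is blank then default the sort and direction. This is to fix the
    # symptoms of #3953. Note that even if the main problem is fixed, we may
    # have to keep this code for a while to handle filters saved with this blank field.
    if (is_blank($t_filter['sort'])) {
        $t_filter['sort'] = 'last_updated';
        $t_filter['dir'] = 'DESC';
    }
    $t_order_array = array();
    # explode() replaces the removed split(); for a literal ',' delimiter the result is the same.
    $t_sort_fields = explode(',', $t_filter['sort']);
    $t_dir_fields = explode(',', $t_filter['dir']);
    if ('on' == $t_filter['sticky_issues'] && NULL !== $p_show_sticky) {
        $t_order_array[] = "sticky DESC";
    }
    for ($i = 0; $i < count($t_sort_fields); $i++) {
        $c_sort = db_prepare_string($t_sort_fields[$i]);
        # a field repeated later in the list is sorted on once, at its last position
        if (!in_array($t_sort_fields[$i], array_slice($t_sort_fields, $i + 1))) {
            # if sorting by a custom field
            if (strpos($c_sort, 'custom_') === 0) {
                $t_custom_field = substr($c_sort, strlen('custom_'));
                $t_custom_field_id = custom_field_get_id_from_name($t_custom_field);
                # custom_field_get_id_from_name() returns false for an unknown name; nothing to sort on then
                if (false === $t_custom_field_id) {
                    continue;
                }
                $t_join .= " LEFT JOIN {$t_custom_field_string_table} ON ( ( {$t_custom_field_string_table}.bug_id = {$t_bug_table}.id ) AND ( {$t_custom_field_string_table}.field_id = {$t_custom_field_id} ) )";
                $c_sort = "{$t_custom_field_string_table}.value";
                $t_select_clauses[] = "{$t_custom_field_string_table}.value";
            } elseif (!preg_match('/^[A-Za-z0-9_]+$/', $c_sort)) {
                # Plain sort fields are bug-table column names and go into ORDER BY unquoted,
                # where db_prepare_string() offers no protection; drop anything that is not a bare identifier.
                continue;
            }
            if ('DESC' == $t_dir_fields[$i]) {
                $c_dir = 'DESC';
            } else {
                $c_dir = 'ASC';
            }
            $t_order_array[] = "{$c_sort} {$c_dir}";
        }
    }
    # add basic sorting if necessary
    if (!in_array('last_updated', $t_sort_fields)) {
        $t_order_array[] = 'last_updated DESC';
    }
    if (!in_array('date_submitted', $t_sort_fields)) {
        $t_order_array[] = 'date_submitted DESC';
    }
    $t_order = " ORDER BY " . implode(', ', $t_order_array);

    # select list may have gained custom-field value columns during sort handling, so build it here
    $t_select = implode(', ', array_unique($t_select_clauses));
    $query2 = "SELECT DISTINCT {$t_select}\n\t\t\t\t\t{$t_from}\n\t\t\t\t\t{$t_join}\n\t\t\t\t\t{$t_where}\n\t\t\t\t\t{$t_order}";

    # Figure out the offset into the db query
    #
    # for example page number 1, per page 5:
    #     t_offset = 0
    # for example page number 2, per page 5:
    #     t_offset = 5
    $c_per_page = db_prepare_int($p_per_page);
    $c_page_number = db_prepare_int($p_page_number);
    $t_offset = ($c_page_number - 1) * $c_per_page;

    # perform query
    $result2 = db_query($query2, $c_per_page, $t_offset);
    $row_count = db_num_rows($result2);
    $rows = array();
    for ($i = 0; $i < $row_count; $i++) {
        $row = db_fetch_array($result2);
        $row['date_submitted'] = db_unixtimestamp($row['date_submitted']);
        $row['last_updated'] = db_unixtimestamp($row['last_updated']);
        array_push($rows, $row);
        bug_add_to_cache($row);
    }
    return $rows;
}

/**
 * Build a "column matches one of these values" WHERE fragment.
 *
 * Emits "( col in (a, b) )" for several values and "( col=a )" for a single one,
 * exactly as the inline code in filter_get_bug_rows() used to.
 *
 * @param string $p_column SQL column reference (e.g. "table.reporter_id")
 * @param array  $p_values non-empty list of already SQL-prepared values (quoted where needed)
 * @return string
 */
function filter_build_in_clause($p_column, $p_values) {
    if (1 < count($p_values)) {
        return "( {$p_column} in (" . implode(', ', $p_values) . ") )";
    }
    return "( {$p_column}={$p_values[0]} )";
}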
<?php /* PT.php runs regularly (2 minute intervals) from a cron job to get plan times for all relevant plans */ header("Content-type: text/plain"); $_SERVER['PWUSERS_DIR'] = "/home/planwatc/pwusers"; $_SERVER['FILE_ROOT'] = "/home/planwatc/public_html"; // limited security -- other users on our host could get a reg. users list, but // that's a minor risk. it would be nice to make this a bit better, though. // TODO:(v4.1) adjust the server's cron job to use system's fingerprint if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR'] && !user_is_administrator()) { redirect(); } $debug = $_GET['debug']; echo "DEBUG: {$debug}\n\n\n"; /* // MAIL_SUBMIT ================================================================= turned off until it gets fixed ---- TODO:(v4.5) fix mail submission. maybe get a gmail POP account for this? TODO:(v5) add SMS to mail gateway if there's any user interest http:// $lastmail_fn="$_SERVER[FILE_ROOT]/stats/lastmail"; if (!file_exists($lastmail_fn) || (@fileatime($lastmail_fn) < time() - 600)) { echo "<b>checking for email plan posts...</b>\n"; //include_once('mail_submit.php'); touch($lastmail_fn);
$c_enabled = db_prepare_bool($f_enabled); $c_user_id = db_prepare_int($f_user_id); $c_access_level = db_prepare_int($f_access_level); $t_user_table = db_get_table('user'); $t_old_protected = $t_user['protected']; # Ensure that users aren't escalating privileges of accounts beyond their # own global access level. access_ensure_global_level($f_access_level); # check that we are not downgrading the last administrator $t_admin_threshold = config_get_global('admin_site_threshold'); if (user_is_administrator($f_user_id) && $f_access_level < $t_admin_threshold && user_count_level($t_admin_threshold) <= 1) { trigger_error(ERROR_USER_CHANGE_LAST_ADMIN, ERROR); } # Project specific access rights override global levels, hence, for users who are changed # to be administrators, we have to remove project specific rights. if ($f_access_level >= $t_admin_threshold && !user_is_administrator($f_user_id)) { user_delete_project_specific_access_levels($f_user_id); } # if the user is already protected and the admin is not removing the # protected flag then don't update the access level and enabled flag. # If the user was unprotected or the protected flag is being turned off # then proceed with a full update. $query_params = array(); if ($f_protected && $t_old_protected) { $query = "UPDATE {$t_user_table}\n\t\t\tSET username="******", email=" . db_param() . ",\n\t\t\t\tprotected=" . db_param() . ", realname=" . db_param() . "\n\t\t\tWHERE id=" . db_param(); $query_params = array($c_username, $c_email, $c_protected, $c_realname, $c_user_id); } else { $query = "UPDATE {$t_user_table}\n\t\t\tSET username="******", email=" . db_param() . ",\n\t\t\t\taccess_level=" . db_param() . ", enabled=" . db_param() . ",\n\t\t\t\tprotected=" . db_param() . ", realname=" . db_param() . "\n\t\t\tWHERE id=" . db_param(); $query_params = array($c_username, $c_email, $c_access_level, $c_enabled, $c_protected, $c_realname, $c_user_id); } $result = db_query_bound($query, $query_params);
* * @uses check_api.php * @uses config_api.php * @uses user_api.php */ if (!defined('CHECK_ANONYMOUS_INC_ALLOW')) { return; } /** * MantisBT Check API */ require_once 'check_api.php'; require_api('config_api.php'); require_api('user_api.php'); check_print_section_header_row('Anonymous access'); $t_anonymous_access_enabled = config_get_global('allow_anonymous_login'); check_print_info_row('Anonymous access is enabled', $t_anonymous_access_enabled ? 'Yes' : 'No'); if (!$t_anonymous_access_enabled) { return; } $t_anonymous_account = config_get_global('anonymous_account'); check_print_test_row('anonymous_account configuration option is specified', $t_anonymous_account !== '', array(true => 'The account currently being used for anonymous access is: ' . htmlentities($t_anonymous_account), false => 'The anonymous_account configuration option must specify the username of an account to use for anonymous logins.')); if ($t_anonymous_account === '') { return; } $t_anonymous_user_id = user_get_id_by_name($t_anonymous_account); check_print_test_row('anonymous_account is a valid user account', $t_anonymous_user_id !== false, array(false => 'You need to specify a valid user account to use with the anonymous_account configuration options.')); check_print_test_row('anonymous_account user has the enabled flag set', user_is_enabled($t_anonymous_user_id), array(false => 'The anonymous user account must be enabled before it can be used.')); check_print_test_row('anonymous_account user has the protected flag set', user_get_field($t_anonymous_user_id, 'protected'), array(false => 'The anonymous user account needs to have the protected flag set to prevent anonymous users modifying the account.')); check_print_test_row('anonymous_account user does not have administrator permissions', !user_is_administrator($t_anonymous_user_id), array(true => 'The anonymous user account currently has an access level of: ' . 
htmlentities(get_enum_element('access_levels', user_get_access_level($t_anonymous_user_id))), false => 'The anonymous user account should not have administrator level permissions.'));
return; } $t_anonymous_user_id = user_get_id_by_name( $t_anonymous_account ); check_print_test_row( 'anonymous_account is a valid user account', $t_anonymous_user_id !== false, array( false => 'You need to specify a valid user account to use with the anonymous_account configuration options.' ) ); check_print_test_row( 'anonymous_account user has the enabled flag set', user_is_enabled( $t_anonymous_user_id ), array( false => 'The anonymous user account must be enabled before it can be used.' ) ); check_print_test_row( 'anonymous_account user has the protected flag set', user_get_field( $t_anonymous_user_id, 'protected' ), array( false => 'The anonymous user account needs to have the protected flag set to prevent anonymous users modifying the account.' ) ); check_print_test_row( 'anonymous_account user does not have administrator permissions', !user_is_administrator( $t_anonymous_user_id ), array( true => 'The anonymous user account currently has an access level of: ' . htmlentities( get_enum_element( 'access_levels', user_get_access_level( $t_anonymous_user_id ) ) ), false => 'The anonymous user account should not have administrator level permissions.' ) );
} // URL Authentication // used by people who are doing looks from different users than their // logged in users (this includes basically josh and johnnie) //------------------------------------------------------------------- $urlarray = explode('/', $_SERVER['REQUEST_URI']); $urlarray_count = count($urlarray); // if we haven't found a fingerprint so far, we check for a fingerprint in the url if (user_verify_fingerprint($urlarray[$urlarray_count - 1])) { // FINGERPRINT IS LAST ITEM IN URL ARRAY } elseif (user_verify_fingerprint(user_get_fingerprint($urlarray[$urlarray_count - 2], $urlarray[$urlarray_count - 1]))) { // USER AND PASS ARE LAST TWO ITEMS IN URL ARRAY } else { if (user_verify_fingerprint($_COOKIE[$_SERVER['AUTH_COOKIE']])) { // VALID USER COOKIE FOUND if (user_is_administrator() && user_verify_fingerprint($_COOKIE['mau'])) { // MASQUERADING IS ON $_SERVER['MASQUERADE'] = TRUE; } else { $_SERVER['MASQUERADE'] = FALSE; } } elseif (user_verify_fingerprint($sid)) { // VALID SESSION ID FOUND $_SERVER["SESSION_ID"] = $sid; } elseif (user_verify_fingerprint($_POST[$_SERVER['AUTH_COOKIE']])) { // VALID FINGERPRINT VIA POST // this is so the write form can't expire even if the user leaves it // up past cookie expiry. } } // Cookie Updates
if (ON == config_get('send_reset_password') && ON == config_get('enable_email_notification')) { echo lang_get('reset_password_msg'); } else { echo lang_get('reset_password_msg2'); } ?> </div> <?php } } ?> <!-- PROJECT ACCESS (if permissions allow) and user is not ADMINISTRATOR --> <?php if (access_has_global_level(config_get('manage_user_threshold')) && !user_is_administrator($t_user_id)) { ?> <br /> <div align="center"> <table class="width75" cellspacing="1"> <!-- Title --> <tr> <td class="form-title" colspan="2"> <?php echo lang_get('add_user_title'); ?> </td> </tr> <!-- Assigned Projects --> <tr <?php
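/**
 * Builds the SQL fragment restricting a column to a set of already SQL-ready values.
 *
 * @param string $p_column Fully qualified column, e.g. "{$t_bug_table}.severity".
 * @param array  $p_values Values already escaped/quoted for SQL; must not be empty.
 * @return string "( col in (a, b) )" for several values, "( col=a )" for one.
 */
function _filter_build_in_clause($p_column, $p_values) {
    if (1 < count($p_values)) {
        return "( {$p_column} in (" . implode(', ', $p_values) . ") )";
    }
    return "( {$p_column}={$p_values[0]} )";
}

/**
 * Builds the SQL restriction for an integer column from raw filter values.
 *
 * @param string $p_column
 * @param array  $p_values Raw filter values; each is coerced with db_prepare_int(). Must not be empty.
 * @return string
 */
function _filter_build_int_in_clause($p_column, $p_values) {
    return _filter_build_in_clause($p_column, array_map('db_prepare_int', $p_values));
}

/**
 * Builds the SQL restriction for a string column from raw filter values.
 *
 * Each value is stripslashes'd; META_FILTER_NONE becomes the empty string literal '',
 * anything else is escaped with db_prepare_string() and quoted.
 *
 * @param string $p_column
 * @param array  $p_values Raw filter values; must not be empty.
 * @return string
 */
function _filter_build_string_in_clause($p_column, $p_values) {
    $t_clauses = array();
    foreach ($p_values as $t_filter_member) {
        $t_filter_member = stripslashes($t_filter_member);
        if (META_FILTER_NONE == $t_filter_member) {
            $t_clauses[] = "''";
        } else {
            $t_clauses[] = "'" . db_prepare_string($t_filter_member) . "'";
        }
    }
    return _filter_build_in_clause($p_column, $t_clauses);
}

/**
 * Returns one page of the bug rows matching a filter.
 *
 * The filter array drives a set of WHERE/JOIN fragments (project access, view state,
 * reporter/handler, category, severity, status, resolution, priority, build, version,
 * profile, platform, os, os_build, dates, relationships, tags, custom fields and free
 * text search). A first query collects the matching bug ids (two passes when a text
 * search also has to look into bugnotes), the ids are paginated, and a second query
 * fetches the rows of the requested page, which are then cached together with their
 * bugnote statistics.
 *
 * Every value that reaches SQL is passed through db_prepare_int()/db_prepare_string()
 * (or, for ORDER BY, validated as a bare identifier), because the filter comes from
 * cookies, saved filters or the caller and must be treated as untrusted.
 *
 * @param int        &$p_page_number  Requested page (1-based); clamped to [1, page count] on return.
 * @param int|null   &$p_per_page     Rows per page; null takes the filter's per_page, -1 or 0 means all rows.
 *                                    Holds the effective (positive) value on return.
 * @param int        &$p_page_count   Out: total number of pages, at least 1.
 * @param int        &$p_bug_count    Out: total number of bugs matching the filter.
 * @param array|null $p_custom_filter Filter to apply; null loads the user's current or saved filter.
 * @param int|null   $p_project_id    Project to filter in; null uses the current project.
 * @param int|null   $p_user_id       User whose access rights apply; null uses the logged-in user.
 * @param mixed      $p_show_sticky   When not null and the filter has sticky_issues on, sticky bugs sort first.
 * @return array|false Bug rows of the requested page (empty array when nothing matches),
 *                     or false when the filter is invalid.
 */
function filter_get_bug_rows(&$p_page_number, &$p_per_page, &$p_page_count, &$p_bug_count, $p_custom_filter = null, $p_project_id = null, $p_user_id = null, $p_show_sticky = null) {
    log_event(LOG_FILTERING, 'FILTERING: START NEW FILTER QUERY');

    $t_bug_table = config_get('mantis_bug_table');
    $t_bug_text_table = config_get('mantis_bug_text_table');
    $t_bugnote_table = config_get('mantis_bugnote_table');
    $t_custom_field_string_table = config_get('mantis_custom_field_string_table');
    $t_bugnote_text_table = config_get('mantis_bugnote_text_table');
    $t_project_table = config_get('mantis_project_table');
    $t_bug_monitor_table = config_get('mantis_bug_monitor_table');
    $t_limit_reporters = config_get('limit_reporters');
    $t_bug_relationship_table = config_get('mantis_bug_relationship_table');

    $t_current_user_id = auth_get_current_user_id();
    $t_user_id = (null === $p_user_id) ? $t_current_user_id : $p_user_id;
    # $t_user_id may come from the caller; only the prepared form is ever interpolated into SQL
    $c_user_id = db_prepare_int($t_user_id);

    if (null === $p_project_id) {
        # @@@ If project_id is not specified, then use the project id(s) in the filter if set, otherwise, use current project.
        $t_project_id = helper_get_current_project();
    } else {
        $t_project_id = $p_project_id;
    }

    if ($p_custom_filter === null) {
        # Prefer current_user_get_bug_filter() over user_get_filter() when applicable since it supports
        # cookies set by previous version of the code.
        if ($t_user_id == $t_current_user_id) {
            $t_filter = current_user_get_bug_filter();
        } else {
            $t_filter = user_get_bug_filter($t_user_id, $t_project_id);
        }
    } else {
        $t_filter = $p_custom_filter;
    }

    $t_filter = filter_ensure_valid_filter($t_filter);
    if (false === $t_filter) {
        return false; # signify a need to create a cookie #@@@ error instead?
    }

    $t_view_type = $t_filter['_view_type'];
    $t_where_clauses = array("{$t_project_table}.enabled = 1", "{$t_project_table}.id = {$t_bug_table}.project_id");
    $t_select_clauses = array("{$t_bug_table}.*");
    $t_join_clauses = array();

    // normalize the project filtering into an array $t_project_ids
    if ('simple' == $t_view_type) {
        log_event(LOG_FILTERING, 'FILTERING: Simple Filter');
        $t_project_ids = array($t_project_id);
        $t_include_sub_projects = true;
    } else {
        log_event(LOG_FILTERING, 'FILTERING: Advanced Filter');
        if (!is_array($t_filter['project_id'])) {
            $t_project_ids = array(db_prepare_int($t_filter['project_id']));
        } else {
            $t_project_ids = array_map('db_prepare_int', $t_filter['project_id']);
        }
        $t_include_sub_projects = count($t_project_ids) == 1 && $t_project_ids[0] == META_FILTER_CURRENT;
    }
    log_event(LOG_FILTERING, 'FILTERING: project_ids = ' . implode(',', $t_project_ids));
    log_event(LOG_FILTERING, 'FILTERING: include sub-projects = ' . ($t_include_sub_projects ? '1' : '0'));

    // if the array has ALL_PROJECTS, then reset the array to only contain ALL_PROJECTS.
    // replace META_FILTER_CURRENT with the actual current project id.
    $t_all_projects_found = false;
    $t_new_project_ids = array();
    foreach ($t_project_ids as $t_pid) {
        if ($t_pid == META_FILTER_CURRENT) {
            $t_pid = $t_project_id;
        }
        if ($t_pid == ALL_PROJECTS) {
            $t_all_projects_found = true;
            log_event(LOG_FILTERING, 'FILTERING: all projects selected');
            break;
        }
        // filter out inaccessible projects.
        if (!access_has_project_level(VIEWER, $t_pid, $t_user_id)) {
            continue;
        }
        $t_new_project_ids[] = $t_pid;
    }

    $t_projects_query_required = true;
    if ($t_all_projects_found) {
        if (user_is_administrator($t_user_id)) {
            log_event(LOG_FILTERING, 'FILTERING: all projects + administrator, hence no project filter.');
            $t_projects_query_required = false;
        } else {
            $t_project_ids = user_get_accessible_projects($t_user_id);
        }
    } else {
        $t_project_ids = $t_new_project_ids;
    }

    if ($t_projects_query_required) {
        // expand project ids to include sub-projects
        if ($t_include_sub_projects) {
            $t_top_project_ids = $t_project_ids;
            foreach ($t_top_project_ids as $t_pid) {
                log_event(LOG_FILTERING, 'FILTERING: Getting sub-projects for project id ' . $t_pid);
                $t_project_ids = array_merge($t_project_ids, user_get_all_accessible_subprojects($t_user_id, $t_pid));
            }
            $t_project_ids = array_unique($t_project_ids);
        }

        // if no projects are accessible, then return an empty array.
        if (count($t_project_ids) == 0) {
            log_event(LOG_FILTERING, 'FILTERING: no accessible projects');
            # still report the counts so the caller's by-reference values are not stale
            $p_bug_count = 0;
            $p_page_count = 1;
            return array();
        }
        log_event(LOG_FILTERING, 'FILTERING: project_ids after including sub-projects = ' . implode(',', $t_project_ids));

        // this array is to be populated with project ids for which we only want to show public issues. This is due to the limited
        // access of the current user.
        $t_public_only_project_ids = array();
        // this array is populated with project ids that the current user has full access to.
        $t_private_and_public_project_ids = array();
        $t_access_required_to_view_private_bugs = config_get('private_bug_threshold');
        foreach ($t_project_ids as $t_pid) {
            # the ids are interpolated into SQL below, so coerce them here regardless of where they came from
            $c_pid = db_prepare_int($t_pid);
            if (access_has_project_level($t_access_required_to_view_private_bugs, $t_pid, $t_user_id)) {
                $t_private_and_public_project_ids[] = $c_pid;
            } else {
                $t_public_only_project_ids[] = $c_pid;
            }
        }
        log_event(LOG_FILTERING, 'FILTERING: project_ids (with public/private access) = ' . implode(',', $t_private_and_public_project_ids));
        log_event(LOG_FILTERING, 'FILTERING: project_ids (with public access) = ' . implode(',', $t_public_only_project_ids));

        $t_private_and_public_query = null;
        if (count($t_private_and_public_project_ids) > 0) {
            $t_private_and_public_query = _filter_build_in_clause("{$t_bug_table}.project_id", $t_private_and_public_project_ids);
        }

        # in public-only projects the user still sees the private issues they reported themselves
        $t_public_view_state_check = "( ( {$t_bug_table}.view_state = " . VS_PUBLIC . " ) OR ( {$t_bug_table}.reporter_id = {$c_user_id} ) )";
        $t_public_only_query = null;
        if (count($t_public_only_project_ids) > 0) {
            $t_public_only_query = '( ' . _filter_build_in_clause("{$t_bug_table}.project_id", $t_public_only_project_ids) . " AND {$t_public_view_state_check} )";
        }

        // both queries can't be null, so we either have one of them or both.
        if ($t_private_and_public_query === null) {
            $t_project_query = $t_public_only_query;
        } elseif ($t_public_only_query === null) {
            $t_project_query = $t_private_and_public_query;
        } else {
            $t_project_query = "( {$t_public_only_query} OR {$t_private_and_public_query} )";
        }
        log_event(LOG_FILTERING, 'FILTERING: project query = ' . $t_project_query);
        array_push($t_where_clauses, $t_project_query);
    }

    # view state
    $t_view_state = db_prepare_int($t_filter['view_state']);
    if ($t_filter['view_state'] !== META_FILTER_ANY && !is_blank($t_filter['view_state'])) {
        $t_view_state_query = "({$t_bug_table}.view_state='{$t_view_state}')";
        log_event(LOG_FILTERING, 'FILTERING: view_state query = ' . $t_view_state_query);
        array_push($t_where_clauses, $t_view_state_query);
    } else {
        log_event(LOG_FILTERING, 'FILTERING: no view_state query');
    }

    # reporter
    $t_any_found = false;
    foreach ($t_filter['reporter_id'] as $t_filter_member) {
        if (META_FILTER_ANY === $t_filter_member || 0 === $t_filter_member) {
            $t_any_found = true;
        }
    }
    if (count($t_filter['reporter_id']) == 0) {
        $t_any_found = true;
    }
    if (!$t_any_found) {
        $t_clauses = array();
        foreach ($t_filter['reporter_id'] as $t_filter_member) {
            if (META_FILTER_NONE == $t_filter_member) {
                array_push($t_clauses, "0");
            } else {
                $c_reporter_id = db_prepare_int($t_filter_member);
                if (META_FILTER_MYSELF == $c_reporter_id) {
                    array_push($t_clauses, $c_user_id);
                } else {
                    array_push($t_clauses, $c_reporter_id);
                }
            }
        }
        $t_reporter_query = _filter_build_in_clause("{$t_bug_table}.reporter_id", $t_clauses);
        log_event(LOG_FILTERING, 'FILTERING: reporter query = ' . $t_reporter_query);
        array_push($t_where_clauses, $t_reporter_query);
    } else {
        log_event(LOG_FILTERING, 'FILTERING: no reporter query');
    }

    # limit reporter
    # @@@ thraxisp - access_has_project_level checks greater than or equal to,
    #   this assumed that there aren't any holes above REPORTER where the limit would apply
    #
    if (ON === $t_limit_reporters && !access_has_project_level(REPORTER + 1, $t_project_id, $t_user_id)) {
        array_push($t_where_clauses, "({$t_bug_table}.reporter_id='{$c_user_id}')");
    }

    # handler
    $t_any_found = false;
    foreach ($t_filter['handler_id'] as $t_filter_member) {
        if (META_FILTER_ANY === $t_filter_member || 0 === $t_filter_member) {
            $t_any_found = true;
        }
    }
    if (count($t_filter['handler_id']) == 0) {
        $t_any_found = true;
    }
    if (!$t_any_found) {
        $t_clauses = array();
        foreach ($t_filter['handler_id'] as $t_filter_member) {
            if (META_FILTER_NONE == $t_filter_member) {
                array_push($t_clauses, 0);
            } else {
                $c_handler_id = db_prepare_int($t_filter_member);
                if (META_FILTER_MYSELF == $c_handler_id) {
                    array_push($t_clauses, $c_user_id);
                } else {
                    array_push($t_clauses, $c_handler_id);
                }
            }
        }
        $t_handler_query = _filter_build_in_clause("{$t_bug_table}.handler_id", $t_clauses);
        log_event(LOG_FILTERING, 'FILTERING: handler query = ' . $t_handler_query);
        array_push($t_where_clauses, $t_handler_query);
    } else {
        log_event(LOG_FILTERING, 'FILTERING: no handler query');
    }

    # category
    if (!_filter_is_any($t_filter['show_category'])) {
        array_push($t_where_clauses, _filter_build_string_in_clause("{$t_bug_table}.category", $t_filter['show_category']));
    }

    # severity
    $t_any_found = false;
    foreach ($t_filter['show_severity'] as $t_filter_member) {
        if (META_FILTER_ANY == $t_filter_member || 0 === $t_filter_member) {
            $t_any_found = true;
        }
    }
    if (count($t_filter['show_severity']) == 0) {
        $t_any_found = true;
    }
    if (!$t_any_found) {
        array_push($t_where_clauses, _filter_build_int_in_clause("{$t_bug_table}.severity", $t_filter['show_severity']));
    }

    # show / hide status
    # take a list of all available statuses then remove the ones that we want hidden, then make sure
    # the ones we want shown are still available
    $t_status_arr = explode_enum_string(config_get('status_enum_string'));
    $t_available_statuses = array();
    $t_desired_statuses = array();
    foreach ($t_status_arr as $t_this_status) {
        $t_this_status_arr = explode_enum_arr($t_this_status);
        $t_available_statuses[] = $t_this_status_arr[0];
    }
    if ('simple' == $t_filter['_view_type']) {
        # simple filtering: if showing any, restrict by the hide status value, otherwise ignore the hide
        $t_any_found = false;
        $t_this_status = $t_filter['show_status'][0];
        $t_this_hide_status = $t_filter['hide_status'][0];
        if (META_FILTER_ANY == $t_this_status || is_blank($t_this_status) || 0 === $t_this_status) {
            $t_any_found = true;
        }
        if ($t_any_found) {
            foreach ($t_available_statuses as $t_this_available_status) {
                if ($t_this_hide_status > $t_this_available_status) {
                    $t_desired_statuses[] = $t_this_available_status;
                }
            }
        } else {
            $t_desired_statuses[] = $t_this_status;
        }
    } else {
        # advanced filtering: ignore the hide
        $t_any_found = false;
        foreach ($t_filter['show_status'] as $t_this_status) {
            $t_desired_statuses[] = $t_this_status;
            if (META_FILTER_ANY == $t_this_status || is_blank($t_this_status) || 0 === $t_this_status) {
                $t_any_found = true;
            }
        }
        if ($t_any_found) {
            $t_desired_statuses = array();
        }
    }
    if (count($t_desired_statuses) > 0) {
        array_push($t_where_clauses, _filter_build_int_in_clause("{$t_bug_table}.status", $t_desired_statuses));
    }

    # resolution
    $t_any_found = false;
    foreach ($t_filter['show_resolution'] as $t_filter_member) {
        if (META_FILTER_ANY == $t_filter_member) {
            $t_any_found = true;
        }
    }
    if (count($t_filter['show_resolution']) == 0) {
        $t_any_found = true;
    }
    if (!$t_any_found) {
        array_push($t_where_clauses, _filter_build_int_in_clause("{$t_bug_table}.resolution", $t_filter['show_resolution']));
    }

    # priority
    $t_any_found = false;
    foreach ($t_filter['show_priority'] as $t_filter_member) {
        if (META_FILTER_ANY == $t_filter_member || 0 === $t_filter_member) {
            $t_any_found = true;
        }
    }
    if (count($t_filter['show_priority']) == 0) {
        $t_any_found = true;
    }
    if (!$t_any_found) {
        array_push($t_where_clauses, _filter_build_int_in_clause("{$t_bug_table}.priority", $t_filter['show_priority']));
    }

    # product build
    $t_any_found = false;
    foreach ($t_filter['show_build'] as $t_filter_member) {
        if (META_FILTER_ANY == $t_filter_member && is_numeric($t_filter_member)) {
            $t_any_found = true;
        }
    }
    if (count($t_filter['show_build']) == 0) {
        $t_any_found = true;
    }
    if (!$t_any_found) {
        array_push($t_where_clauses, _filter_build_string_in_clause("{$t_bug_table}.build", $t_filter['show_build']));
    }

    # product version
    if (!_filter_is_any($t_filter['show_version'])) {
        array_push($t_where_clauses, _filter_build_string_in_clause("{$t_bug_table}.version", $t_filter['show_version']));
    }

    # profile
    if (!_filter_is_any($t_filter['show_profile'])) {
        $t_clauses = array();
        foreach ($t_filter['show_profile'] as $t_filter_member) {
            $t_filter_member = stripslashes($t_filter_member);
            if (META_FILTER_NONE == $t_filter_member) {
                array_push($t_clauses, "0");
            } else {
                $c_show_profile = db_prepare_int($t_filter_member);
                array_push($t_clauses, "{$c_show_profile}");
            }
        }
        array_push($t_where_clauses, _filter_build_in_clause("{$t_bug_table}.profile_id", $t_clauses));
    }

    # platform / os / os_build: META_FILTER_NONE now yields the SQL literal '' (the old code emitted an
    # empty PHP string, producing "platform = " and a syntax error)
    if (!_filter_is_any($t_filter['platform'])) {
        array_push($t_where_clauses, _filter_build_string_in_clause("{$t_bug_table}.platform", $t_filter['platform']));
    }
    if (!_filter_is_any($t_filter['os'])) {
        array_push($t_where_clauses, _filter_build_string_in_clause("{$t_bug_table}.os", $t_filter['os']));
    }
    if (!_filter_is_any($t_filter['os_build'])) {
        array_push($t_where_clauses, _filter_build_string_in_clause("{$t_bug_table}.os_build", $t_filter['os_build']));
    }

    # date filter
    if ('on' == $t_filter['do_filter_by_date']
        && is_numeric($t_filter['start_month']) && is_numeric($t_filter['start_day']) && is_numeric($t_filter['start_year'])
        && is_numeric($t_filter['end_month']) && is_numeric($t_filter['end_day']) && is_numeric($t_filter['end_year'])) {
        $t_start_string = db_prepare_string($t_filter['start_year'] . "-" . $t_filter['start_month'] . "-" . $t_filter['start_day'] . " 00:00:00");
        $t_end_string = db_prepare_string($t_filter['end_year'] . "-" . $t_filter['end_month'] . "-" . $t_filter['end_day'] . " 23:59:59");
        array_push($t_where_clauses, "({$t_bug_table}.date_submitted BETWEEN '{$t_start_string}' AND '{$t_end_string}' )");
    }

    # fixed in version
    if (!_filter_is_any($t_filter['fixed_in_version'])) {
        array_push($t_where_clauses, _filter_build_string_in_clause("{$t_bug_table}.fixed_in_version", $t_filter['fixed_in_version']));
    }

    # target version
    if (!_filter_is_any($t_filter['target_version'])) {
        array_push($t_where_clauses, _filter_build_string_in_clause("{$t_bug_table}.target_version", $t_filter['target_version']));
    }

    # users monitoring a bug
    $t_any_found = false;
    foreach ($t_filter['user_monitor'] as $t_filter_member) {
        if (META_FILTER_ANY == $t_filter_member || 0 === $t_filter_member) {
            $t_any_found = true;
        }
    }
    if (count($t_filter['user_monitor']) == 0) {
        $t_any_found = true;
    }
    if (!$t_any_found) {
        $t_clauses = array();
        $t_table_name = 'user_monitor';
        # the monitor table is reached through this join; the FROM list is rebuilt later and does not need it
        array_push($t_join_clauses, "LEFT JOIN {$t_bug_monitor_table} {$t_table_name} ON {$t_table_name}.bug_id = {$t_bug_table}.id");
        foreach ($t_filter['user_monitor'] as $t_filter_member) {
            $c_user_monitor = db_prepare_int($t_filter_member);
            if (META_FILTER_MYSELF == $c_user_monitor) {
                array_push($t_clauses, $c_user_id);
            } else {
                array_push($t_clauses, $c_user_monitor);
            }
        }
        array_push($t_where_clauses, _filter_build_in_clause("{$t_table_name}.user_id", $t_clauses));
    }

    # bug relationship
    # both values come from the filter and are interpolated below, so coerce them first
    $c_rel_type = db_prepare_int($t_filter['relationship_type']);
    $c_rel_bug = db_prepare_int($t_filter['relationship_bug']);
    if (-1 != $c_rel_type && 0 != $c_rel_bug) {
        # use the complementary type
        $t_comp_type = relationship_get_complementary_type($c_rel_type);
        $t_clauses = array();
        $t_table_name = 'relationship';
        array_push($t_join_clauses, "LEFT JOIN {$t_bug_relationship_table} {$t_table_name} ON {$t_table_name}.destination_bug_id = {$t_bug_table}.id");
        array_push($t_join_clauses, "LEFT JOIN {$t_bug_relationship_table} {$t_table_name}2 ON {$t_table_name}2.source_bug_id = {$t_bug_table}.id");
        // get reverse relationships
        array_push($t_clauses, "({$t_table_name}.relationship_type='{$t_comp_type}' AND {$t_table_name}.source_bug_id='{$c_rel_bug}')");
        array_push($t_clauses, "({$t_table_name}2.relationship_type='{$c_rel_type}' AND {$t_table_name}2.destination_bug_id='{$c_rel_bug}')");
        array_push($t_where_clauses, '(' . implode(' OR ', $t_clauses) . ')');
    }

    # tags
    $c_tag_string = trim($t_filter['tag_string']);
    if (!is_blank($c_tag_string)) {
        $t_tags = tag_parse_filters($c_tag_string);
        if (count($t_tags)) {
            $t_tags_all = array();
            $t_tags_any = array();
            $t_tags_none = array();
            foreach ($t_tags as $t_tag_row) {
                switch ($t_tag_row['filter']) {
                    case 1:
                        $t_tags_all[] = $t_tag_row;
                        break;
                    case 0:
                        $t_tags_any[] = $t_tag_row;
                        break;
                    case -1:
                        $t_tags_none[] = $t_tag_row;
                        break;
                }
            }
            if (0 < $t_filter['tag_select'] && tag_exists($t_filter['tag_select'])) {
                $t_tags_any[] = tag_get($t_filter['tag_select']);
            }
            $t_bug_tag_table = config_get('mantis_bug_tag_table');
            if (count($t_tags_all)) {
                $t_clauses = array();
                foreach ($t_tags_all as $t_tag_row) {
                    $c_tag_id = db_prepare_int($t_tag_row['id']);
                    array_push($t_clauses, "{$t_bug_table}.id IN ( SELECT bug_id FROM {$t_bug_tag_table} WHERE {$t_bug_tag_table}.tag_id = {$c_tag_id} )");
                }
                array_push($t_where_clauses, '(' . implode(' AND ', $t_clauses) . ')');
            }
            if (count($t_tags_any)) {
                $t_clauses = array();
                foreach ($t_tags_any as $t_tag_row) {
                    $c_tag_id = db_prepare_int($t_tag_row['id']);
                    array_push($t_clauses, "{$t_bug_tag_table}.tag_id = {$c_tag_id}");
                }
                array_push($t_where_clauses, "{$t_bug_table}.id IN ( SELECT bug_id FROM {$t_bug_tag_table} WHERE ( " . implode(' OR ', $t_clauses) . ') )');
            }
            if (count($t_tags_none)) {
                $t_clauses = array();
                foreach ($t_tags_none as $t_tag_row) {
                    $c_tag_id = db_prepare_int($t_tag_row['id']);
                    array_push($t_clauses, "{$t_bug_tag_table}.tag_id = {$c_tag_id}");
                }
                array_push($t_where_clauses, "{$t_bug_table}.id NOT IN ( SELECT bug_id FROM {$t_bug_tag_table} WHERE ( " . implode(' OR ', $t_clauses) . ') )');
            }
        }
    }

    # custom field filters
    if (ON == config_get('filter_by_custom_fields')) {
        # custom field filtering
        # @@@ At the moment this gets the linked fields relating to the current project
        # It should get the ones relating to the project in the filter or all projects
        # if multiple projects.
        $t_custom_fields = custom_field_get_linked_ids($t_project_id);
        foreach ($t_custom_fields as $t_cfid) {
            $t_custom_where_clause = '';

            # Ignore all custom filters that are not set, or that are set to '' or "any"
            $t_any_found = false;
            if (!isset($t_filter['custom_fields'][$t_cfid])) {
                $t_any_found = true;
            } else {
                foreach ($t_filter['custom_fields'][$t_cfid] as $t_filter_member) {
                    if (META_FILTER_ANY == $t_filter_member && is_numeric($t_filter_member)) {
                        $t_any_found = true;
                    }
                }
            }
            if ($t_any_found) {
                continue;
            }

            $t_def = custom_field_get_definition($t_cfid);
            $t_table_name = $t_custom_field_string_table . '_' . $t_cfid;

            # We need to filter each joined table or the result query will explode in dimensions
            # Each custom field will result in a exponential growth like Number_of_Issues^Number_of_Custom_Fields
            # and only after this process ends (if it is able to) the result query will be filtered
            # by the WHERE clause and by the DISTINCT clause
            $t_cf_join_clause = "LEFT JOIN {$t_custom_field_string_table} {$t_table_name} ON {$t_table_name}.bug_id = {$t_bug_table}.id AND {$t_table_name}.field_id = {$t_cfid} ";

            if ($t_def['type'] == CUSTOM_FIELD_TYPE_DATE) {
                # the date bounds are filter input and land in SQL unquoted, so coerce them to integers
                $c_date_from = db_prepare_int(isset($t_filter['custom_fields'][$t_cfid][1]) ? $t_filter['custom_fields'][$t_cfid][1] : 0);
                $c_date_to = db_prepare_int(isset($t_filter['custom_fields'][$t_cfid][2]) ? $t_filter['custom_fields'][$t_cfid][2] : 0);
                switch ($t_filter['custom_fields'][$t_cfid][0]) {
                    case CUSTOM_FIELD_DATE_ANY:
                        break;
                    case CUSTOM_FIELD_DATE_NONE:
                        array_push($t_join_clauses, $t_cf_join_clause);
                        $t_custom_where_clause = '(( ' . $t_table_name . '.bug_id is null) OR ( ' . $t_table_name . '.value = 0)';
                        break;
                    case CUSTOM_FIELD_DATE_BEFORE:
                        array_push($t_join_clauses, $t_cf_join_clause);
                        $t_custom_where_clause = '(( ' . $t_table_name . '.value != 0 AND (' . $t_table_name . '.value+0) < ' . $c_date_to . ')';
                        break;
                    case CUSTOM_FIELD_DATE_AFTER:
                        array_push($t_join_clauses, $t_cf_join_clause);
                        $t_custom_where_clause = '( (' . $t_table_name . '.value+0) > ' . ($c_date_from + 1);
                        break;
                    default:
                        array_push($t_join_clauses, $t_cf_join_clause);
                        $t_custom_where_clause = '( (' . $t_table_name . '.value+0) BETWEEN ' . $c_date_from . ' AND ' . $c_date_to;
                        break;
                }
            } else {
                array_push($t_join_clauses, $t_cf_join_clause);
                $t_filter_array = array();
                foreach ($t_filter['custom_fields'][$t_cfid] as $t_filter_member) {
                    $t_filter_member = stripslashes($t_filter_member);
                    if (META_FILTER_NONE == $t_filter_member) {
                        # coerce filter value if selecting META_FILTER_NONE so it will match empty fields
                        $t_filter_member = '';
                        # but also add those _not_ present in the custom field string table
                        array_push($t_filter_array, "{$t_bug_table}.id NOT IN (SELECT bug_id FROM {$t_custom_field_string_table} WHERE field_id={$t_cfid})");
                    }
                    switch ($t_def['type']) {
                        case CUSTOM_FIELD_TYPE_MULTILIST:
                        case CUSTOM_FIELD_TYPE_CHECKBOX:
                            array_push($t_filter_array, db_helper_like("{$t_table_name}.value", '%|' . db_prepare_string($t_filter_member) . '|%'));
                            break;
                        default:
                            array_push($t_filter_array, "{$t_table_name}.value = '" . db_prepare_string($t_filter_member) . "'");
                    }
                }
                $t_custom_where_clause .= '(' . implode(' OR ', $t_filter_array);
            }

            # every branch above leaves one '(' unbalanced; it is closed here
            if (!is_blank($t_custom_where_clause)) {
                array_push($t_where_clauses, $t_custom_where_clause . ')');
            }
        }
    }

    $t_textsearch_where_clause = '';
    $t_textsearch_wherejoin_clause = '';
    # Simple Text Search - Thanks to Alan Knowles
    if (!is_blank($t_filter['search'])) {
        $c_search = db_prepare_string($t_filter['search']);
        $c_search_int = db_prepare_int($t_filter['search']);
        $t_textsearch_where_clause = '(' . db_helper_like('summary', "%{$c_search}%")
            . ' OR ' . db_helper_like("{$t_bug_text_table}.description", "%{$c_search}%")
            . ' OR ' . db_helper_like("{$t_bug_text_table}.steps_to_reproduce", "%{$c_search}%")
            . ' OR ' . db_helper_like("{$t_bug_text_table}.additional_information", "%{$c_search}%")
            . " OR ( {$t_bug_table}.id = '{$c_search_int}' ) )";
        $t_textsearch_wherejoin_clause = '(' . db_helper_like('summary', "%{$c_search}%")
            . ' OR ' . db_helper_like("{$t_bug_text_table}.description", "%{$c_search}%")
            . ' OR ' . db_helper_like("{$t_bug_text_table}.steps_to_reproduce", "%{$c_search}%")
            . ' OR ' . db_helper_like("{$t_bug_text_table}.additional_information", "%{$c_search}%")
            . ' OR ' . db_helper_like("{$t_bug_table}.id", "%{$c_search}%")
            . ' OR ' . db_helper_like("{$t_bugnote_text_table}.note", "%{$c_search}%") . ' )';
        array_push($t_where_clauses, "({$t_bug_text_table}.id = {$t_bug_table}.bug_text_id)");
        $t_from_clauses = array($t_bug_text_table, $t_project_table, $t_bug_table);
    } else {
        $t_from_clauses = array($t_project_table, $t_bug_table);
    }

    $t_from = 'FROM ' . implode(', ', array_unique($t_from_clauses));
    $t_join = implode(' ', $t_join_clauses);
    if (count($t_where_clauses) > 0) {
        $t_where = 'WHERE ' . implode(' AND ', $t_where_clauses);
    } else {
        $t_where = '';
    }

    # Possibly do two passes. First time, grab the IDs of issues that match the filters. Second time, grab the IDs of issues that
    # have bugnotes that match the text search if necessary.
    $t_id_array = array();
    for ($i = 0; $i < 2; $i++) {
        $t_id_where = $t_where;
        $t_id_join = $t_join;
        if ($i == 0) {
            if (!is_blank($t_id_where) && !is_blank($t_textsearch_where_clause)) {
                $t_id_where = $t_id_where . ' AND ' . $t_textsearch_where_clause;
            }
        } else {
            if (!is_blank($t_textsearch_wherejoin_clause)) {
                $t_id_where = $t_id_where . ' AND ' . $t_textsearch_wherejoin_clause;
                $t_id_join = $t_id_join . " INNER JOIN {$t_bugnote_table} ON {$t_bugnote_table}.bug_id = {$t_bug_table}.id";
                $t_id_join = $t_id_join . " INNER JOIN {$t_bugnote_text_table} ON {$t_bugnote_text_table}.id = {$t_bugnote_table}.bugnote_text_id";
            }
        }
        $query = "SELECT DISTINCT {$t_bug_table}.id AS id\r\n\t\t\t\t\t\t{$t_from}\r\n\t\t\t\t\t\t{$t_id_join}\r\n\t\t\t\t\t\t{$t_id_where}";
        # the second pass only makes sense when there is a bugnote text search
        if ($i == 0 || !is_blank($t_textsearch_wherejoin_clause)) {
            $result = db_query($query);
            $row_count = db_num_rows($result);
            for ($j = 0; $j < $row_count; $j++) {
                $row = db_fetch_array($result);
                $t_id_array[] = db_prepare_int($row['id']);
            }
        }
    }
    $t_id_array = array_unique($t_id_array);

    # Get the total number of bugs that meet the criteria.
    $bug_count = count($t_id_array);
    # write the value back in case the caller wants to know
    $p_bug_count = $bug_count;
    $rows = array();
    if ($bug_count == 0) {
        # keep the out-parameters consistent with the "at least one page" rule below
        $p_page_count = 1;
        return $rows;
    }
    $t_where = "WHERE {$t_bug_table}.id in (" . implode(", ", $t_id_array) . ")";
    $t_from = 'FROM ' . $t_bug_table;

    if (null === $p_per_page) {
        $p_per_page = (int) $t_filter['per_page'];
    } elseif (-1 == $p_per_page) {
        $p_per_page = $bug_count;
    }
    # Guard against silly values of $f_per_page.
    if (0 == $p_per_page) {
        $p_per_page = $bug_count; // 0 - means show all
    }
    $p_per_page = (int) abs($p_per_page);

    # Use $bug_count and $p_per_page to determine how many pages
    # to split this list up into.
    # For the sake of consistency have at least one page, even if it
    # is empty.
    $t_page_count = ceil($bug_count / $p_per_page);
    if ($t_page_count < 1) {
        $t_page_count = 1;
    }
    # write the value back in case the caller wants to know
    $p_page_count = $t_page_count;

    # Make sure $p_page_number isn't past the last page.
    if ($p_page_number > $t_page_count) {
        $p_page_number = $t_page_count;
    }
    # Make sure $p_page_number isn't before the first page
    if ($p_page_number < 1) {
        $p_page_number = 1;
    }

    # Now add the rest of the criteria i.e. sorting, limit.
    # if sort is blank then default the sort and direction. This is to fix the
    # symptoms of #3953. Note that even if the main problem is fixed, we may
    # have to keep this code for a while to handle filters saved with this blank field.
    if (is_blank($t_filter['sort'])) {
        $t_filter['sort'] = 'last_updated';
        $t_filter['dir'] = 'DESC';
    }
    $t_order_array = array();
    # explode() replaces split(), which was deprecated and later removed; the separator is a literal comma
    $t_sort_fields = explode(',', $t_filter['sort']);
    $t_dir_fields = explode(',', $t_filter['dir']);
    if ('on' == $t_filter['sticky_issues'] && NULL !== $p_show_sticky) {
        $t_order_array[] = "sticky DESC";
    }
    $t_join = '';
    $t_sort_field_count = count($t_sort_fields);
    for ($i = 0; $i < $t_sort_field_count; $i++) {
        $t_sort_field = $t_sort_fields[$i];
        # a field listed again later wins; drop this earlier occurrence
        if (in_array($t_sort_field, array_slice($t_sort_fields, $i + 1))) {
            continue;
        }
        if (strpos($t_sort_field, 'custom_') === 0) {
            # if sorting by a custom field: join its string table and order on the value column
            $t_custom_field = substr($t_sort_field, strlen('custom_'));
            $c_custom_field_id = db_prepare_int(custom_field_get_id_from_name($t_custom_field));
            $t_join .= " LEFT JOIN {$t_custom_field_string_table} ON ( ( {$t_custom_field_string_table}.bug_id = {$t_bug_table}.id ) AND ( {$t_custom_field_string_table}.field_id = {$c_custom_field_id} ) )";
            $c_sort = "{$t_custom_field_string_table}.value";
            $t_select_clauses[] = "{$t_custom_field_string_table}.value";
        } else {
            # the field name becomes an identifier in ORDER BY, where string escaping gives no protection,
            # so accept only a bare column name
            if (!preg_match('/^[A-Za-z0-9_]+$/', $t_sort_field)) {
                log_event(LOG_FILTERING, 'FILTERING: ignoring invalid sort field');
                continue;
            }
            $c_sort = $t_sort_field;
        }
        $c_dir = (isset($t_dir_fields[$i]) && 'DESC' == $t_dir_fields[$i]) ? 'DESC' : 'ASC';
        $t_order_array[] = "{$c_sort} {$c_dir}";
    }

    # add basic sorting if necessary
    if (!in_array('last_updated', $t_sort_fields)) {
        $t_order_array[] = 'last_updated DESC';
    }
    if (!in_array('date_submitted', $t_sort_fields)) {
        $t_order_array[] = 'date_submitted DESC';
    }
    $t_order = " ORDER BY " . implode(', ', $t_order_array);
    $t_select = implode(', ', array_unique($t_select_clauses));
    $query2 = "SELECT DISTINCT {$t_select}\r\n\t\t\t\t\t{$t_from}\r\n\t\t\t\t\t{$t_join}\r\n\t\t\t\t\t{$t_where}\r\n\t\t\t\t\t{$t_order}";

    # Figure out the offset into the db query
    #
    # for example page number 1, per page 5:
    #     t_offset = 0
    # for example page number 2, per page 5:
    #     t_offset = 5
    $c_per_page = db_prepare_int($p_per_page);
    $c_page_number = db_prepare_int($p_page_number);
    $t_offset = ($c_page_number - 1) * $c_per_page;

    # perform query
    $result2 = db_query($query2, $c_per_page, $t_offset);
    $row_count = db_num_rows($result2);
    $t_id_array_lastmod = array();
    for ($i = 0; $i < $row_count; $i++) {
        $row = db_fetch_array($result2);
        $t_id_array_lastmod[] = db_prepare_int($row['id']);
        $row['date_submitted'] = db_unixtimestamp($row['date_submitted']);
        $row['last_updated'] = db_unixtimestamp($row['last_updated']);
        array_push($rows, $row);
    }
    $t_id_array_lastmod = array_unique($t_id_array_lastmod);

    // paulr: it should be impossible for t_id_array_lastmod to be array():
    // that would imply that $t_id_array is null which aborts this function early
    // -- guarded anyway, since "in ()" is not valid SQL
    $t_stats = array();
    if (count($t_id_array_lastmod) > 0) {
        $t_where = "WHERE {$t_bugnote_table}.bug_id in (" . implode(", ", $t_id_array_lastmod) . ")";
        $query3 = "SELECT DISTINCT bug_id,MAX(last_modified) as last_modified, COUNT(last_modified) as count FROM {$t_bugnote_table} {$t_where} GROUP BY bug_id";
        # perform query
        $result3 = db_query($query3);
        $row_count = db_num_rows($result3);
        for ($i = 0; $i < $row_count; $i++) {
            $row = db_fetch_array($result3);
            $t_stats[$row['bug_id']] = $row;
        }
    }

    foreach ($rows as $row) {
        if (!isset($t_stats[$row['id']])) {
            bug_cache_database_result($row, false);
        } else {
            bug_cache_database_result($row, $t_stats[$row['id']]);
        }
    }

    return $rows;
}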
/**
 * Resolve the effective access level of a user.
 *
 * Administrators always receive their global (account) access level. For
 * everyone else the project-specific level wins when one is assigned;
 * otherwise the global level is used.
 *
 * @param integer $p_user_id    A valid user identifier.
 * @param integer $p_project_id A valid project identifier (defaults to ALL_PROJECTS).
 * @return integer
 */
function user_get_access_level($p_user_id, $p_project_id = ALL_PROJECTS) {
    $t_global_level = user_get_field($p_user_id, 'access_level');

    # Administrators are never narrowed by a per-project assignment.
    if (user_is_administrator($p_user_id)) {
        return $t_global_level;
    }

    # false means "no project-specific level recorded for this user".
    $t_local_level = project_get_local_user_access_level($p_project_id, $p_user_id);

    return (false === $t_local_level) ? $t_global_level : $t_local_level;
}
}

# Request dispatcher: each branch handles one form/GET "action" and exits,
# so the first matching branch wins and order matters. The brace above closes
# a block that begins before this fragment. All `$_POST[...]`/`$_GET[...]`
# keys are read without isset(), so a missing key raises a notice, and `==`
# compares loosely.
# NOTE(review): no CSRF token check is visible in this fragment — confirm one
# runs earlier for the state-changing branches below.
if ($_POST['action'] == 'sendmessage') {
    include_once 'send.php';
    # `$user` comes from the enclosing scope; its origin is not visible here.
    send_find($_POST['message'], $user, $_POST['recipient']);
    # The recipient is interpolated into the redirect path unvalidated.
    redirect("/send/{$_POST['recipient']}");
    exit;
}
if ($_POST['action'] == 'login') {
    login($_POST['user'], $_POST['pass'], $_POST['remember']);
    exit;
}
if ($_GET['action'] == 'login_ajax') {
    # Credentials arrive in the query string here, so they end up in server,
    # proxy and browser-history logs; a POST body avoids that.
    login($_GET['user'], $_GET['pass'], $_GET['remember'], "/watched/{$_GET['user']}");
    exit;
}
if ($_POST['data'] && $_POST['filename'] && user_is_administrator()) {
    # Writes caller-supplied content to a caller-supplied path. The only
    # guard is user_is_administrator(); nothing checks that the path stays
    # inside an intended directory. The truthiness checks also treat a
    # value of '0' as "not provided".
    # NOTE(review): restrict the destination to an allow-listed directory
    # (e.g. a realpath() check against a base dir) before writing.
    file_put_contents($_POST['filename'], stripslashes($_POST['data']));
    redirect('/');
    exit;
}
//if ($_SERVER['USER']=='jwdavidson') print_r($_POST['action']);
if ($_POST['action'] == 'snitch_archive') {
    # Four raw POST values are concatenated into the redirect target.
    redirect("/snitch/{$_POST['reverse']}{$_POST['threshhold']}{$_POST['units']}/{$_POST['begindate']}");
    exit;
}
//if ($_SERVER['USER']=='jwdavidson') print_r($_POST);
if ($_POST['action'] == 'write_css') {
    # The file content is built to look like a PHP assignment, and
    # `$_POST['css_data']` is spliced in unescaped: a double quote in the
    # input ends the string literal early. If user_css.txt is later
    # include'd or eval'd (not visible here — verify), that is code
    # injection; storing the raw CSS as data, or var_export()-ing the
    # value, avoids it. No access check is visible on this branch.
    file_put_contents("{$_SERVER['USER_ROOT']}/user_css.txt", '$extra_css="' . $_POST['css_data'] . '";');
    redirect('/');
    exit;
}
/**
 * Resolve the access level a user holds on a project.
 *
 * The project-specific level is consulted first (for the current project when
 * none is given). A user who is not listed on the project falls back to the
 * global access level, except on private projects, where the global level must
 * satisfy private_project_threshold or the user is treated as ANYBODY.
 *
 * @param int $p_project_id project id to check against; null means the current project
 * @param int|null $p_user_id user id; null means the current user
 * @return int access level the user has on the given project
 * @access public
 */
function access_get_project_level($p_project_id = null, $p_user_id = null) {
    if (null === $p_user_id) {
        $p_user_id = auth_get_current_user_id();
    }

    # Not logged in: answer ANYBODY silently rather than raising an error.
    /** @todo we may be able to remove this and just error and once we default to anon login, we can remove it for sure */
    if (empty($p_user_id) && !auth_is_user_authenticated()) {
        return ANYBODY;
    }

    if (null === $p_project_id) {
        $p_project_id = helper_get_current_project();
    }

    $t_global_level = access_get_global_level($p_user_id);

    # Administrators, and the ALL_PROJECTS pseudo-project, are decided by the
    # global level alone.
    if (ALL_PROJECTS == $p_project_id || user_is_administrator($p_user_id)) {
        return $t_global_level;
    }

    $t_local_level = access_get_local_level($p_user_id, $p_project_id);
    $t_view_state = project_get_field($p_project_id, 'view_state');

    # An explicit per-project assignment always wins.
    if (false !== $t_local_level) {
        return $t_local_level;
    }

    # Unlisted on a public project: the global level applies.
    if (VS_PRIVATE != $t_view_state) {
        return $t_global_level;
    }

    # Unlisted on a private project: only a global level that meets
    # private_project_threshold grants entry; everyone else is ANYBODY.
    $t_private_threshold = config_get('private_project_threshold', null, null, ALL_PROJECTS);
    if (access_compare_level($t_global_level, $t_private_threshold)) {
        return $t_global_level;
    }

    return ANYBODY;
}
require_api('helper_api.php');
require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');
require_api('user_api.php');

# Admin action: delete the account named by the user_id request parameter.
# The checks below are ordered deliberately — form token, re-authentication,
# caller's permission, target's level, last-admin guard, self-delete redirect,
# confirmation — and each must stay ahead of user_delete().

# Anti-CSRF: validate the form token issued for this action.
form_security_validate('manage_user_delete');
# Sensitive operation: presumably forces the caller to re-enter credentials — confirm in auth_api.
auth_reauthenticate();
# Only callers at or above manage_user_threshold may delete accounts.
access_ensure_global_level(config_get('manage_user_threshold'));

# Target id from the request, coerced to int by gpc_get_int().
$f_user_id = gpc_get_int('user_id');
$t_user = user_get_row($f_user_id);

# Ensure that the account to be deleted is of equal or lower access to the
# current user, so a lower-privileged manager cannot remove a higher one.
access_ensure_global_level($t_user['access_level']);

# check that we are not deleting the last administrator account
$t_admin_threshold = config_get_global('admin_site_threshold');
if (user_is_administrator($f_user_id) && user_count_level($t_admin_threshold) <= 1) {
    trigger_error(ERROR_USER_CHANGE_LAST_ADMIN, ERROR);
}

# If an administrator is trying to delete their own account, use
# account_delete.php instead as it handles logging out and redirection
# of users who have just deleted their own accounts.
# NOTE(review): the deletion below is skipped only if print_header_redirect()
# does not return — verify, since nothing in this branch exits explicitly.
if (auth_get_current_user_id() == $f_user_id) {
    form_security_purge('manage_user_delete');
    print_header_redirect('account_delete.php?account_delete_token=' . form_security_token('account_delete'), true, false);
}

# Interactive confirmation; the username is embedded in the prompt text, so
# any HTML escaping has to happen inside helper_ensure_confirmed() — verify.
helper_ensure_confirmed(lang_get('delete_account_sure_msg') . '<br/>' . lang_get('username_label') . lang_get('word_separator') . $t_user['username'], lang_get('delete_account_button'));

user_delete($f_user_id);

# Purge the token once the action has completed (presumably makes it single-use).
form_security_purge('manage_user_delete');

html_page_top(null, 'manage_user_page.php');
html_operation_successful('manage_user_page.php');
html_page_bottom();