/**
 * Bring the current login session back in line with the database and cookies.
 *
 * Three steps run in order:
 *  1. optionally re-read the logged-in user's row and rebuild the session;
 *  2. rebuild a session from the "remember me" cookie when nobody is logged in;
 *  3. log out when the account behind the session is not enabled.
 *
 * @param bool $force_user_data_reload When truthy and a user is logged in,
 *        id, class, enabled and 2fa_status are re-read from the users table
 *        and passed to login_session_create().
 * @return void
 */
function login_session_refresh($force_user_data_reload = false) {

    if (user_is_logged_in()) {
        if ($force_user_data_reload) {
            $fresh_row = db_select_one(
                'users',
                array('id', 'class', 'enabled', '2fa_status'),
                array('id' => $_SESSION['id'])
            );

            // A session already marked 'authenticated' carries that 2FA state
            // over the value just read from the database, so the rebuild does
            // not discard a second factor that was completed in this session.
            $session_2fa_state = $_SESSION['2fa_status'];
            if ($session_2fa_state == 'authenticated') {
                $fresh_row['2fa_status'] = $session_2fa_state;
            }

            login_session_create($fresh_row);
        }
    }

    // Session gone but the "remember me" cookie is still present.
    if (!user_is_logged_in()) {
        if (login_cookie_isset()) {
            login_session_create_from_login_cookie();
        }
    }

    // A disabled account must not keep a live session, however it was created.
    if (user_is_logged_in()) {
        if (!user_is_enabled()) {
            logout();
        }
    }
}
# Fragment: these first lines are the tail of an enclosing block whose opening
# is not part of this listing. They print the login error and the
# cookies-disabled error as list items, then close the list and its <div>.
if ($f_error) {
	echo '<li>' . lang_get('login_error') . '</li>';
}
if ($f_cookie_error) {
	echo '<li>' . lang_get('login_cookies_disabled') . '</li>';
}
echo '</ul>';
echo '</div>';
}

# Warning messages gathered by the checks below.
$t_warnings = array();
$t_upgrade_required = false;

# Installation checks run only while the admin_checks option is ON and the
# admin/ directory still exists next to this file.
if (config_get_global('admin_checks') == ON && file_exists(dirname(__FILE__) . '/admin')) {
	# Generate a warning if default user administrator/root is valid.
	# The account named 'administrator' is looked up and, if it exists and is
	# enabled, tested against the literal password 'root'; a match means the
	# well-known default credentials still log in.
	$t_admin_user_id = user_get_id_by_name('administrator');
	if ($t_admin_user_id !== false) {
		if (user_is_enabled($t_admin_user_id) && auth_does_password_match($t_admin_user_id, 'root')) {
			$t_warnings[] = lang_get('warning_default_administrator_account_present');
		}
	}

	/**
	 * Build the warning text shown for an enabled debugging / developer setting.
	 *
	 * The result is three translated pieces joined together: the
	 * 'warning_change_setting' string formatted with the setting and value,
	 * the 'word_separator' string, and the "warning_{$p_type}_hazard" string.
	 *
	 * @param string $p_type    Message Type; selects the hazard language string.
	 * @param string $p_setting Setting.
	 * @param string $p_value   Value.
	 * @return string
	 */
	function debug_setting_message($p_type, $p_setting, $p_value) {
		return sprintf(lang_get('warning_change_setting'), $p_setting, $p_value) . sprintf(lang_get('word_separator')) . sprintf(lang_get("warning_{$p_type}_hazard"));
	}

	# First setting examined; the code that uses it is outside this listing.
	$t_config = 'show_detailed_errors';
);
# Fragment: the line above closes a call whose start is not part of this
# listing, and the last call below is cut off before its closing brackets.

# Nothing further can be tested without a configured account name.
if( $t_anonymous_account === '' ) {
	return;
}

# Resolve the configured name to a user id; false means no such account.
$t_anonymous_user_id = user_get_id_by_name( $t_anonymous_account );
check_print_test_row(
	'anonymous_account is a valid user account',
	$t_anonymous_user_id !== false,
	array( false => 'You need to specify a valid user account to use with the anonymous_account configuration options.' )
);

# NOTE(review): the rows below are evaluated even when the lookup above
# returned false - confirm the user_* helpers tolerate a false id.

# The shared anonymous account has to be usable at all ...
check_print_test_row(
	'anonymous_account user has the enabled flag set',
	user_is_enabled( $t_anonymous_user_id ),
	array( false => 'The anonymous user account must be enabled before it can be used.' )
);

# ... must carry the protected flag, so that anonymous visitors cannot modify
# the account they all share ...
check_print_test_row(
	'anonymous_account user has the protected flag set',
	user_get_field( $t_anonymous_user_id, 'protected' ),
	array( false => 'The anonymous user account needs to have the protected flag set to prevent anonymous users modifying the account.' )
);

# ... and must not be an administrator, because every unauthenticated visitor
# acts with this account's access level. The level name is passed through
# htmlentities() before it is placed in the message.
check_print_test_row(
	'anonymous_account user does not have administrator permissions',
	!user_is_administrator( $t_anonymous_user_id ),
	array(
		true => 'The anonymous user account currently has an access level of: ' . htmlentities( get_enum_element( 'access_levels', user_get_access_level( $t_anonymous_user_id ) ) ),
		false => 'The anonymous user account should not have administrator level permissions.'
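# OAuth callback: exchange the one-time authorization code for an access token
# and keep the token in the session.
if (isset($_GET['code'])) {
	$client->authenticate($_GET['code']);
	$_SESSION['access_token'] = $client->getAccessToken();
	# NOTE(review): execution continues after this redirect header is queued;
	# confirm that is intended. No `state` value is compared in the lines
	# shown either - confirm the anti-CSRF check for the callback happens
	# elsewhere.
	header('Location: ' . filter_var($redirect_uri, FILTER_SANITIZE_URL));
}

# Re-use a token stored by an earlier request.
if (isset($_SESSION['access_token']) && $_SESSION['access_token']) {
	$client->setAccessToken($_SESSION['access_token']);
}

# Stays null when no token is available, so the lookup below never reads an
# undefined variable.
$userData = null;
if ($client->getAccessToken()) {
	$userData = $objOAuthService->userinfo->get();
	$data['userData'] = $userData;
	$_SESSION['access_token'] = $client->getAccessToken();
}

# No provider identity, or an identity without an e-mail address: answer
# exactly like every other rejection so the response does not reveal which
# check failed.
if ($userData === null || empty($userData->email)) {
	echo "<p>Your email didn't to registration on this web site. Please register new account first. ";
	return false;
}

# The local account is chosen by the provider-reported e-mail address alone.
# NOTE(review): confirm the provider only returns verified addresses before
# trusting this mapping.
$user_id = user_get_id_by_email($userData->email);

# unknown e-mail address: stop before the user_* helpers are asked about an
# id that does not exist
if (!$user_id) {
	echo "<p>Your email didn't to registration on this web site. Please register new account first. ";
	return false;
}

# check for disabled account
if (!user_is_enabled($user_id)) {
	echo "<p>Your email didn't to registration on this web site. Please register new account first. ";
	return false;
}

# max. failed login attempts achieved...
if (!user_is_login_request_allowed($user_id)) {
	echo "<p>Your email didn't to registration on this web site. Please register new account first. ";
	return false;
}

# check for anonymous login: the shared anonymous account is never handed out
# through the OAuth path
if (user_is_anonymous($user_id)) {
	echo "<p>Your email didn't to registration on this web site. Please register new account first. ";
	return false;
}

# All checks passed: record the login and clear the failed-attempt counter.
user_increment_login_count($user_id);
user_reset_failed_login_count_to_zero($user_id);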
/**
 * Try to log a user in with a username and password.
 *
 * Returns false as soon as any validation step fails. On success the login
 * cookies and tokens are set and true is returned; the long-term cookie is
 * created when $p_perm_login is true.
 *
 * An unknown username is auto-created in two cases: the login method is
 * BASIC_AUTH, or it is LDAP and ldap_authenticate_by_username() accepts the
 * credentials. The anonymous account is logged in without a password check.
 *
 * @param string $p_username a prepared username
 * @param string $p_password a prepared password
 * @param bool $p_perm_login whether to create a long-term cookie
 * @return bool indicates if authentication was successful
 * @access public
 */
function auth_attempt_login($p_username, $p_password, $p_perm_login = false) {
	$t_user_id = user_get_id_by_name($p_username);
	$t_login_method = config_get('login_method');

	if (false === $t_user_id) {
		# Unknown username: decide whether an account may be created on the fly.
		# NOTE(review): under BASIC_AUTH no credential is checked here before the
		# account is created - presumably the web server has already
		# authenticated the request; confirm.
		$t_auto_create = BASIC_AUTH == $t_login_method
			|| (LDAP == $t_login_method && ldap_authenticate_by_username($p_username, $p_password));

		if (!$t_auto_create) {
			return false;
		}

		# attempt to create the user
		# NOTE(review): the password is handed over as an unsalted MD5 digest.
		# MD5 is not suitable for password storage; whether user_create()
		# applies further hashing is not visible here.
		$t_cookie_string = user_create($p_username, md5($p_password));
		if (false === $t_cookie_string) {
			# creation failed
			return false;
		}

		# the user now exists, so look the id up again
		$t_user_id = user_get_id_by_name($p_username);
		if (false === $t_user_id) {
			# created but not found: something is seriously wrong
			# @@@ trigger an error here?
			return false;
		}
	}

	# disabled accounts, and accounts that reached the maximum number of
	# failed login attempts, are rejected before the password is looked at
	if (!user_is_enabled($t_user_id) || !user_is_login_request_allowed($t_user_id)) {
		return false;
	}

	# Every account except the anonymous one has to present the right
	# password; a wrong one is counted against the failed-login limit.
	if (!user_is_anonymous($t_user_id) && !auth_does_password_match($t_user_id, $p_password)) {
		user_increment_failed_login_count($t_user_id);
		return false;
	}

	# successful login: update the counters
	user_increment_login_count($t_user_id);
	user_reset_failed_login_count_to_zero($t_user_id);
	user_reset_lost_password_in_progress_count_to_zero($t_user_id);

	# set the cookies
	auth_set_cookies($t_user_id, $p_perm_login);
	auth_set_tokens($t_user_id);

	return true;
}
/**
 * Try to log a user in with a username and password.
 *
 * Returns false as soon as any validation step fails. On success the login
 * cookies and tokens are set and true is returned; the long-term cookie is
 * created when $p_perm_login is true.
 *
 * When the login name does not resolve to a user, auth_auto_create_user() is
 * given the chance to create one. The anonymous account is logged in without
 * a password check.
 *
 * @param string  $p_username   A prepared username.
 * @param string  $p_password   A prepared password.
 * @param boolean $p_perm_login Whether to create a long-term cookie.
 * @return boolean indicates if authentication was successful
 * @access public
 */
function auth_attempt_login($p_username, $p_password, $p_perm_login = false) {
	$t_user_id = auth_get_user_id_from_login_name($p_username);

	# Unknown login name: fall back to auto-creation, and give up if that
	# does not produce a user either.
	if ($t_user_id === false) {
		$t_user_id = auth_auto_create_user($p_username, $p_password);
	}
	if ($t_user_id === false) {
		return false;
	}

	# Disabled accounts, and accounts that reached the maximum number of
	# failed login attempts, are rejected before the password is looked at.
	if (!user_is_enabled($t_user_id) || !user_is_login_request_allowed($t_user_id)) {
		return false;
	}

	# Every account except the anonymous one has to present the right
	# password; a wrong one is counted against the failed-login limit.
	$t_needs_password = !user_is_anonymous($t_user_id);
	if ($t_needs_password && !auth_does_password_match($t_user_id, $p_password)) {
		user_increment_failed_login_count($t_user_id);
		return false;
	}

	# Successful login: update the counters ...
	user_increment_login_count($t_user_id);
	user_reset_failed_login_count_to_zero($t_user_id);
	user_reset_lost_password_in_progress_count_to_zero($t_user_id);

	# ... and issue the cookies and tokens.
	auth_set_cookies($t_user_id, $p_perm_login);
	auth_set_tokens($t_user_id);

	return true;
}
/**
 * Build the list of users to e-mail about an event on an issue.
 *
 * Works in two phases. First a candidate set is gathered: explicitly named
 * users, the reporter, the handler, users monitoring the issue, bugnote
 * authors, project users within the configured access-level thresholds and
 * users added by plugins. Then every candidate is filtered: the acting user
 * (when email_receive_own is OFF), missing or disabled accounts, users whose
 * preferences switch the notification off, users without viewer access to the
 * issue (or to the latest note when that note is the last update), users
 * vetoed by a plugin, and users without an e-mail address are all dropped.
 * Each add and drop is written to the LOG_EMAIL_RECIPIENT log.
 *
 * @todo yarick123: email_collect_recipients(...) will be completely rewritten to provide additional information such as language, user access,..
 * @todo yarick123:sort recipients list by language to reduce switches between different languages
 * @param int    $p_bug_id                  Issue the notification is about.
 * @param string $p_notify_type             Notification type: a built-in action or a status name.
 * @param array  $p_extra_user_ids_to_email User ids added when the 'explicit' notify flag is ON.
 * @return array Map of user id => e-mail address.
 */
function email_collect_recipients($p_bug_id, $p_notify_type, $p_extra_user_ids_to_email = array()) {
	$c_bug_id = db_prepare_int($p_bug_id);

	# Candidate set, keyed by user id so duplicates collapse automatically.
	$t_recipients = array();

	# add explicitly specified users
	if (ON == email_notify_flag($p_notify_type, 'explicit')) {
		foreach ($p_extra_user_ids_to_email as $t_user_id) {
			$t_recipients[$t_user_id] = true;
			log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, add explicitly specified user = @U%d', $p_bug_id, $t_user_id));
		}
	}

	# add Reporter
	if (ON == email_notify_flag($p_notify_type, 'reporter')) {
		$t_reporter_id = bug_get_field($p_bug_id, 'reporter_id');
		$t_recipients[$t_reporter_id] = true;
		log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, add Reporter = @U%d', $p_bug_id, $t_reporter_id));
	}

	# add Handler (only when one is assigned, i.e. the id is positive)
	if (ON == email_notify_flag($p_notify_type, 'handler')) {
		$t_handler_id = bug_get_field($p_bug_id, 'handler_id');
		if ($t_handler_id > 0) {
			$t_recipients[$t_handler_id] = true;
			log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, add Handler = @U%d', $p_bug_id, $t_handler_id));
		}
	}

	$t_project_id = bug_get_field($p_bug_id, 'project_id');

	# add users monitoring the bug
	# The issue id is passed as a bound parameter (db_param() placeholder),
	# not spliced into the SQL text.
	$t_bug_monitor_table = db_get_table('mantis_bug_monitor_table');
	if (ON == email_notify_flag($p_notify_type, 'monitor')) {
		$query = "SELECT DISTINCT user_id\n\t\t\t\t\t FROM {$t_bug_monitor_table}\n\t\t\t\t\t WHERE bug_id=" . db_param();
		$result = db_query_bound($query, array($c_bug_id));
		$count = db_num_rows($result);
		for ($i = 0; $i < $count; $i++) {
			$t_user_id = db_result($result, $i);
			$t_recipients[$t_user_id] = true;
			log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, add Monitor = @U%d', $p_bug_id, $t_user_id));
		}
	}

	# add users who contributed bugnotes
	# The latest note's id and modification time are kept for the per-user
	# bugnote access check further down.
	$t_bugnote_id = bugnote_get_latest_id($p_bug_id);
	# $t_bugnote_view is not read again in this function.
	$t_bugnote_view = bugnote_get_field($t_bugnote_id, 'view_state');
	$t_bugnote_date = bugnote_get_field($t_bugnote_id, 'last_modified');
	$t_bug = bug_get($p_bug_id);
	$t_bug_date = $t_bug->last_updated;
	$t_bugnote_table = db_get_table('mantis_bugnote_table');
	if (ON == email_notify_flag($p_notify_type, 'bugnotes')) {
		$query = "SELECT DISTINCT reporter_id\n\t\t\t\t\t FROM {$t_bugnote_table}\n\t\t\t\t\t WHERE bug_id = " . db_param();
		$result = db_query_bound($query, array($c_bug_id));
		$count = db_num_rows($result);
		for ($i = 0; $i < $count; $i++) {
			$t_user_id = db_result($result, $i);
			$t_recipients[$t_user_id] = true;
			log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, add Note Author = @U%d', $p_bug_id, $t_user_id));
		}
	}

	# add project users who meet the thresholds
	# project_get_all_user_rows() is given the minimum threshold; the maximum
	# is enforced here. For a private issue the user's level must also satisfy
	# private_bug_threshold, so threshold-based notification does not reach
	# users below that level.
	$t_bug_is_private = bug_get_field($p_bug_id, 'view_state') == VS_PRIVATE;
	$t_threshold_min = email_notify_flag($p_notify_type, 'threshold_min');
	$t_threshold_max = email_notify_flag($p_notify_type, 'threshold_max');
	$t_threshold_users = project_get_all_user_rows($t_project_id, $t_threshold_min);
	foreach ($t_threshold_users as $t_user) {
		if ($t_user['access_level'] <= $t_threshold_max) {
			if (!$t_bug_is_private || access_compare_level($t_user['access_level'], config_get('private_bug_threshold'))) {
				$t_recipients[$t_user['id']] = true;
				log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, add Project User = @U%d', $p_bug_id, $t_user['id']));
			}
		}
	}

	# add users as specified by plugins
	# The event result is iterated as plugin => callback => value. Ids added
	# here are only candidates: they pass through the same filters as all
	# others in the second phase.
	$t_recipients_include_data = event_signal('EVENT_NOTIFY_USER_INCLUDE', array($p_bug_id, $p_notify_type));
	foreach ($t_recipients_include_data as $t_plugin => $t_recipients_include_data2) {
		foreach ($t_recipients_include_data2 as $t_callback => $t_recipients_included) {
			# only handle if we get an array from the callback
			if (is_array($t_recipients_included)) {
				foreach ($t_recipients_included as $t_user_id) {
					$t_recipients[$t_user_id] = true;
					log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, %s plugin added user @U%d', $p_bug_id, $t_plugin, $t_user_id));
				}
			}
		}
	}

	# FIXME: the value of $p_notify_type could at this stage be either a status
	# or a built-in action such as 'owner' and 'sponsor'. We have absolutely no
	# idea whether 'new' is indicating a new bug has been filed, or if the
	# status of an existing bug has been changed to 'new'. Therefore it is best
	# to just assume built-in actions have precedence over status changes.
	#
	# The switch maps the notification type to the name of the per-user
	# preference that can switch it off; false means no such preference.
	switch ($p_notify_type) {
		case 'new':
		case 'feedback': # This isn't really a built-in action (delete me!)
		case 'reopened':
		case 'resolved':
		case 'closed':
		case 'bugnote':
			$t_pref_field = 'email_on_' . $p_notify_type;
			break;
		case 'owner':
			# The email_on_assigned notification type is now effectively
			# email_on_change_of_handler.
			$t_pref_field = 'email_on_assigned';
			break;
		case 'deleted':
		case 'updated':
		case 'sponsor':
		case 'relation':
		case 'monitor':
		case 'priority': # This is never used, but exists in the database!
			# FIXME: these notification actions are not actually implemented
			# in the database and therefore aren't adjustable on a per-user
			# basis! The exception is 'monitor' that makes no sense being a
			# customisable per-user preference.
			$t_pref_field = false;
			break;
		default:
			# Anything not built-in is probably going to be a status
			$t_pref_field = 'email_on_status';
			break;
	}

	# @@@ we could optimize by modifying user_cache() to take an array
	# of user ids so we could pull them all in. We'll see if it's necessary
	$t_final_recipients = array();

	# Prime the user and preference caches for every candidate in one go;
	# preferences are loaded once without a project and once for the issue's
	# project.
	$t_user_ids = array_keys($t_recipients);
	user_cache_array_rows($t_user_ids);
	user_pref_cache_array_rows($t_user_ids);
	user_pref_cache_array_rows($t_user_ids, $t_bug->project_id);

	# Check whether users should receive the emails
	# and put email address to $t_recipients[user_id]
	foreach ($t_recipients as $t_id => $t_ignore) {
		# Possibly eliminate the current user
		if (auth_get_current_user_id() == $t_id && OFF == config_get('email_receive_own')) {
			log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, drop @U%d (own)', $p_bug_id, $t_id));
			continue;
		}

		# Eliminate users who don't exist anymore or who are disabled
		if (!user_exists($t_id) || !user_is_enabled($t_id)) {
			log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, drop @U%d (disabled)', $p_bug_id, $t_id));
			continue;
		}

		# Exclude users who have this notification type turned off
		if ($t_pref_field) {
			$t_notify = user_pref_get_pref($t_id, $t_pref_field);
			if (OFF == $t_notify) {
				log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, drop @U%d (pref %s off)', $p_bug_id, $t_id, $t_pref_field));
				continue;
			} else {
				# Users can define the severity of an issue before they are emailed for
				# each type of notification
				$t_min_sev_pref_field = $t_pref_field . '_min_severity';
				$t_min_sev_notify = user_pref_get_pref($t_id, $t_min_sev_pref_field);
				$t_bug_severity = bug_get_field($p_bug_id, 'severity');
				if ($t_bug_severity < $t_min_sev_notify) {
					log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, drop @U%d (pref threshold)', $p_bug_id, $t_id));
					continue;
				}
			}
		}

		# exclude users who don't have at least viewer access to the bug,
		# or who can't see bugnotes if the last update included a bugnote
		# (&& binds tighter than ||: the bugnote check applies only when the
		# issue and the latest note carry the same timestamp). This is the
		# access check that keeps issue content from being mailed to users who
		# could not view it in the UI.
		if (!access_has_bug_level(VIEWER, $p_bug_id, $t_id) || $t_bug_date == $t_bugnote_date && !access_has_bugnote_level(VIEWER, $t_bugnote_id, $t_id)) {
			log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, drop @U%d (access level)', $p_bug_id, $t_id));
			continue;
		}

		# check to exclude users as specified by plugins
		$t_recipient_exclude_data = event_signal('EVENT_NOTIFY_USER_EXCLUDE', array($p_bug_id, $p_notify_type, $t_id));
		$t_exclude = false;
		foreach ($t_recipient_exclude_data as $t_plugin => $t_recipient_exclude_data2) {
			foreach ($t_recipient_exclude_data2 as $t_callback => $t_recipient_excluded) {
				# exclude if any plugin returns true (excludes the user)
				if ($t_recipient_excluded) {
					$t_exclude = true;
					log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, %s plugin dropped user @U%d', $p_bug_id, $t_plugin, $t_id));
				}
			}
		}

		# user was excluded by a plugin
		if ($t_exclude) {
			continue;
		}

		# Finally, let's get their emails, if they've set one
		$t_email = user_get_email($t_id);
		if (is_blank($t_email)) {
			log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, drop @U%d (no email)', $p_bug_id, $t_id));
		} else {
			# @@@ we could check the emails for validity again but I think
			# it would be too slow
			$t_final_recipients[$t_id] = $t_email;
		}
	}

	return $t_final_recipients;
}
/**
 * Decide which account an incoming e-mail is filed under and log that account
 * in for the current script run.
 *
 * Resolution order: the fixed mail reporter when _mail_use_reporter is set;
 * otherwise the account matching the sender address, then (if enabled) a
 * freshly signed-up account, then (if enabled) the fallback mail reporter.
 *
 * NOTE(review): the identity comes from the parsed sender data alone; nothing
 * in this method shows that the sender address was authenticated - confirm
 * how much trust the caller places in it.
 *
 * @param array $p_parsed_from Parsed sender data. The 'email' and 'From' keys
 *        are read here; the whole array is also passed to prepare_username()
 *        and prepare_realname().
 * @return int|bool The reporter's user id, or FALSE when no enabled account
 *         could be logged in.
 */
private function get_user($p_parsed_from) {
	if ($this->_mail_use_reporter) {
		// Always report as mail_reporter
		$t_user_id = $this->_mail_reporter_id;
	} else {
		// Try to find an existing account for the sender address
		$t_user_id = $this->get_userid_from_email($p_parsed_from['email']);

		if (!$t_user_id && $this->_mail_auto_signup) {
			// No account yet and auto-signup is on: create one, provided a
			// username can be derived and the address validates.
			$t_signup_name = $this->prepare_username($p_parsed_from);

			if ($t_signup_name !== FALSE
				&& $this->validate_email_address($p_parsed_from['email'])
				&& user_signup($t_signup_name, $p_parsed_from['email'])
			) {
				# notify the selected group a new user has signed-up
				email_notify_new_account($t_signup_name, $p_parsed_from['email']);

				$t_user_id = user_get_id_by_email($p_parsed_from['email']);
				$t_user_name = $t_signup_name;

				$t_display_name = $this->prepare_realname($p_parsed_from, $t_user_name);
				if ($t_display_name !== FALSE) {
					user_set_realname($t_user_id, $t_display_name);
				}
			}

			if (!$t_user_id) {
				$this->custom_error('Failed to create user based on: ' . $p_parsed_from['From']);
			}
		}

		// Still no usable (existing and enabled) account: fall back to the
		// default mail_reporter when that is allowed.
		if (!($t_user_id && user_is_enabled($t_user_id)) && $this->_mail_fallback_mail_reporter) {
			$t_user_id = $this->_mail_reporter_id;
		}
	}

	if ($t_user_id && user_is_enabled($t_user_id)) {
		// The username is already known when the account was just created.
		if (!isset($t_user_name)) {
			$t_user_name = user_get_field($t_user_id, 'username');
		}

		$t_login_ok = auth_attempt_script_login($t_user_name);

		# last attempt for fallback: retry as the mail reporter if the login
		# failed for some other account and the mail reporter is enabled
		$t_may_retry = $t_login_ok === FALSE
			&& $this->_mail_fallback_mail_reporter
			&& $t_user_id != $this->_mail_reporter_id
			&& user_is_enabled($this->_mail_reporter_id);
		if ($t_may_retry) {
			$t_user_id = $this->_mail_reporter_id;
			$t_user_name = user_get_field($t_user_id, 'username');
			$t_login_ok = auth_attempt_script_login($t_user_name);
		}

		if ($t_login_ok === TRUE) {
			user_update_last_visit($t_user_id);

			return (int) $t_user_id;
		}
	}

	// Normally this function does not get here unless all else failed
	$this->custom_error('Could not get a valid reporter. Email will be ignored');

	return FALSE;
}
/**
 * Tell whether a user is an enabled account at or above the administrator
 * access level.
 *
 * A disabled account is never reported as administrator, whatever its stored
 * access level. The level is compared against the global
 * 'admin_site_threshold' setting.
 *
 * @param integer $p_user_id A valid user identifier.
 * @return boolean true: admin, false: otherwise.
 */
function user_is_administrator($p_user_id) {
	if (user_is_enabled($p_user_id)) {
		return user_get_field($p_user_id, 'access_level') >= config_get_global('admin_site_threshold');
	}

	return false;
}
/**
 * Build the list of users to e-mail about an event on an issue.
 *
 * Candidates are gathered from the reporter, the handler, users monitoring
 * the issue, bugnote authors and project users within the configured
 * access-level thresholds; the visible part of the second phase then drops
 * missing or disabled accounts, users whose preferences switch the
 * notification off, users who may not see the latest note, and users without
 * an e-mail address.
 *
 * NOTE(review): this listing is damaged in the middle (see the marker in the
 * body), so the function is not complete as shown.
 *
 * @param int    $p_bug_id      Issue the notification is about.
 * @param string $p_notify_type Notification type.
 * @return array Map of user id => e-mail address.
 */
function email_collect_recipients($p_bug_id, $p_notify_type) {
	# The id is passed through db_prepare_int() because it is interpolated
	# straight into the SQL text below (presumably an integer cast - confirm).
	$c_bug_id = db_prepare_int($p_bug_id);

	# Candidate set, keyed by user id so duplicates collapse automatically.
	$t_recipients = array();

	# add Reporter
	if (ON == email_notify_flag($p_notify_type, 'reporter')) {
		$t_reporter_id = bug_get_field($p_bug_id, 'reporter_id');
		$t_recipients[$t_reporter_id] = true;
		log_event(LOG_EMAIL_RECIPIENT, "bug={$p_bug_id}, add reporter={$t_reporter_id}");
	}

	# add Handler (only when one is assigned, i.e. the id is positive)
	if (ON == email_notify_flag($p_notify_type, 'handler')) {
		$t_handler_id = bug_get_field($p_bug_id, 'handler_id');
		if ($t_handler_id > 0) {
			$t_recipients[$t_handler_id] = true;
			log_event(LOG_EMAIL_RECIPIENT, "bug={$p_bug_id}, add handler={$t_handler_id}");
		}
	}

	$t_project_id = bug_get_field($p_bug_id, 'project_id');

	# add users monitoring the bug
	# The query is built by string interpolation rather than with bound
	# parameters; the only interpolated values are the configured table name
	# and $c_bug_id.
	$t_bug_monitor_table = config_get('mantis_bug_monitor_table');
	if (ON == email_notify_flag($p_notify_type, 'monitor')) {
		$query = "SELECT DISTINCT user_id\n\t\t\t\t\t FROM {$t_bug_monitor_table}\n\t\t\t\t\t WHERE bug_id={$c_bug_id}";
		$result = db_query($query);
		$count = db_num_rows($result);
		for ($i = 0; $i < $count; $i++) {
			$t_user_id = db_result($result, $i);
			$t_recipients[$t_user_id] = true;
			log_event(LOG_EMAIL_RECIPIENT, "bug={$p_bug_id}, add monitor={$t_user_id}");
		}
	}

	# add users who contributed bugnotes
	# The latest note's id and modification time are kept for the per-user
	# bugnote access check further down.
	$t_bugnote_id = bugnote_get_latest_id($p_bug_id);
	# $t_bugnote_view is not read again in the visible part of this function.
	$t_bugnote_view = bugnote_get_field($t_bugnote_id, 'view_state');
	$t_bugnote_date = db_unixtimestamp(bugnote_get_field($t_bugnote_id, 'last_modified'));
	$t_bug_date = bug_get_field($p_bug_id, 'last_updated');
	$t_bugnote_table = config_get('mantis_bugnote_table');
	if (ON == email_notify_flag($p_notify_type, 'bugnotes')) {
		$query = "SELECT DISTINCT reporter_id\n\t\t\t\t\t FROM {$t_bugnote_table}\n\t\t\t\t\t WHERE bug_id = {$c_bug_id}";
		$result = db_query($query);
		$count = db_num_rows($result);
		for ($i = 0; $i < $count; $i++) {
			$t_user_id = db_result($result, $i);
			$t_recipients[$t_user_id] = true;
			log_event(LOG_EMAIL_RECIPIENT, "bug={$p_bug_id}, add note author={$t_user_id}");
		}
	}

	# add project users who meet the thresholds
	# For a private issue the user's level must also satisfy
	# private_bug_threshold.
	$t_bug_is_private = bug_get_field($p_bug_id, 'view_state') == VS_PRIVATE;
	$t_threshold_min = email_notify_flag($p_notify_type, 'threshold_min');
	$t_threshold_max = email_notify_flag($p_notify_type, 'threshold_max');
	$t_threshold_users = project_get_all_user_rows($t_project_id, $t_threshold_min);
	foreach ($t_threshold_users as $t_user) {
		if ($t_user['access_level'] <= $t_threshold_max) {
			if (!$t_bug_is_private || access_compare_level($t_user['access_level'], config_get('private_bug_threshold'))) {
				$t_recipients[$t_user['id']] = true;
				# NOTE(review): the listing is damaged on the next line. The text
				# between the 'add project user=' message and the 'drop ... (own)'
				# message has been replaced by "******". The lost span has to
				# close the threshold loop, set $t_pref_field and
				# $t_final_recipients, and open the loop over the candidates
				# ($t_id) that the rest of the code runs inside; none of that is
				# visible here.
				log_event(LOG_EMAIL_RECIPIENT, "bug={$p_bug_id}, add project user="******"bug={$p_bug_id}, drop {$t_id} (own)");
				continue;
			}

		# Eliminate users who don't exist anymore or who are disabled
		if (!user_exists($t_id) || !user_is_enabled($t_id)) {
			log_event(LOG_EMAIL_RECIPIENT, "bug={$p_bug_id}, drop {$t_id} (disabled)");
			continue;
		}

		# Exclude users who have this notification type turned off
		if ($t_pref_field) {
			$t_notify = user_pref_get_pref($t_id, $t_pref_field);
			if (OFF == $t_notify) {
				log_event(LOG_EMAIL_RECIPIENT, "bug={$p_bug_id}, drop {$t_id} (pref {$t_pref_field} off)");
				continue;
			} else {
				# Users can define the severity of an issue before they are emailed for
				# each type of notification
				$t_min_sev_pref_field = $t_pref_field . '_min_severity';
				$t_min_sev_notify = user_pref_get_pref($t_id, $t_min_sev_pref_field);
				$t_bug_severity = bug_get_field($p_bug_id, 'severity');
				if ($t_bug_severity < $t_min_sev_notify) {
					log_event(LOG_EMAIL_RECIPIENT, "bug={$p_bug_id}, drop {$t_id} (pref threshold)");
					continue;
				}
			}
		}

		# check that user can see bugnotes if the last update included a bugnote
		# NOTE(review): this is the only per-user access check in the visible
		# part of the listing; whether the issue itself is checked for viewer
		# access cannot be told from here.
		if ($t_bug_date == $t_bugnote_date) {
			if (!access_has_bugnote_level(VIEWER, $t_bugnote_id, $t_id)) {
				log_event(LOG_EMAIL_RECIPIENT, "bug={$p_bug_id}, drop {$t_id} (access level)");
				continue;
			}
		}

		# Finally, let's get their emails, if they've set one
		$t_email = user_get_email($t_id);
		if (is_blank($t_email)) {
			log_event(LOG_EMAIL_RECIPIENT, "bug={$p_bug_id}, drop {$t_id} (no email)");
		} else {
			# @@@ we could check the emails for validity again but I think
			# it would be too slow
			$t_final_recipients[$t_id] = $t_email;
		}
	}

	return $t_final_recipients;
}
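/**
 * Format and hyperlink mentions
 *
 * Every mention found by mention_get_users() is replaced by its formatted
 * form. In HTML mode the mention text goes through string_display_line(), is
 * wrapped in a link to the user's page (URL passed through
 * string_sanitize_url()), struck through when the account is disabled, and
 * wrapped in a <span class="mention">. In non-HTML mode a mention is replaced
 * by itself, so the text comes back unchanged.
 *
 * @param string $p_text The text to process.
 * @param bool   $p_html true for html, false otherwise.
 * @return string The processed text.
 */
function mention_format_text($p_text, $p_html = true) {
	$t_mentioned_users = mention_get_users($p_text);
	if (empty($t_mentioned_users)) {
		return $p_text;
	}

	$t_mentions_tag = mentions_tag();
	$t_formatted_mentions = array();

	foreach ($t_mentioned_users as $t_username => $t_user_id) {
		$t_mention = $t_mentions_tag . $t_username;
		$t_mention_formatted = $t_mention;

		if ($p_html) {
			$t_mention_formatted = string_display_line($t_mention_formatted);

			$t_mention_formatted = '<a class="user" href="' . string_sanitize_url('view_user_page.php?id=' . $t_user_id, true) . '">' . $t_mention_formatted . '</a>';

			# Disabled accounts stay linked but are shown struck through.
			if (!user_is_enabled($t_user_id)) {
				$t_mention_formatted = '<s>' . $t_mention_formatted . '</s>';
			}

			$t_mention_formatted = '<span class="mention">' . $t_mention_formatted . '</span>';
		}

		$t_formatted_mentions[$t_mention] = $t_mention_formatted;
	}

	# Replace the mentions, ignoring existing anchor tags (otherwise
	# previously set mailto links would be processed as mentions,
	# corrupting the output).
	#
	# strtr() with a replacement map is used instead of str_replace() with
	# parallel arrays: it tries the longest mention first and never rescans
	# text it has already replaced. With str_replace() a mention that is a
	# prefix of another one (for example one user name that starts with
	# another) was replaced inside the longer mention, or inside markup
	# generated a moment earlier, which produced nested, broken links.
	$t_text = string_process_exclude_anchors($p_text, function ($p_string) use ($t_formatted_mentions) {
		return strtr($p_string, $t_formatted_mentions);
	});

	return $t_text;
}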
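* @link http://www.mantisbt.org
*
* @uses check_api.php
* @uses config_api.php
* @uses user_api.php
*/

# Refuse to run unless the including script has defined the allow constant,
# so this file does nothing when requested directly.
if (!defined('CHECK_ANONYMOUS_INC_ALLOW')) {
	return;
}

/**
 * MantisBT Check API
 */
require_once 'check_api.php';
require_api('config_api.php');
require_api('user_api.php');

check_print_section_header_row('Anonymous access');

$t_anonymous_access_enabled = config_get_global('allow_anonymous_login');
check_print_info_row('Anonymous access is enabled', $t_anonymous_access_enabled ? 'Yes' : 'No');

# Nothing to verify when anonymous login is switched off.
if (!$t_anonymous_access_enabled) {
	return;
}

# The account name is passed through htmlentities() before it is placed in
# the message.
$t_anonymous_account = config_get_global('anonymous_account');
check_print_test_row(
	'anonymous_account configuration option is specified',
	$t_anonymous_account !== '',
	array(
		true => 'The account currently being used for anonymous access is: ' . htmlentities($t_anonymous_account),
		false => 'The anonymous_account configuration option must specify the username of an account to use for anonymous logins.'
	)
);

if ($t_anonymous_account === '') {
	return;
}

# Resolve the configured name to a user id; false means no such account.
$t_anonymous_user_id = user_get_id_by_name($t_anonymous_account);
check_print_test_row(
	'anonymous_account is a valid user account',
	$t_anonymous_user_id !== false,
	array(false => 'You need to specify a valid user account to use with the anonymous_account configuration options.')
);

# The remaining rows all query the account by id. Once the lookup has failed
# they cannot give a meaningful answer (and the user API may raise an error
# for an unknown id - confirm), so stop here, the same way the script stops
# after the earlier failed preconditions.
if ($t_anonymous_user_id === false) {
	return;
}

# The shared anonymous account has to be usable at all ...
check_print_test_row(
	'anonymous_account user has the enabled flag set',
	user_is_enabled($t_anonymous_user_id),
	array(false => 'The anonymous user account must be enabled before it can be used.')
);

# ... must carry the protected flag, so that anonymous visitors cannot modify
# the account they all share ...
check_print_test_row(
	'anonymous_account user has the protected flag set',
	user_get_field($t_anonymous_user_id, 'protected'),
	array(false => 'The anonymous user account needs to have the protected flag set to prevent anonymous users modifying the account.')
);

# ... and must not be an administrator, because every unauthenticated visitor
# acts with this account's access level.
check_print_test_row(
	'anonymous_account user does not have administrator permissions',
	!user_is_administrator($t_anonymous_user_id),
	array(
		true => 'The anonymous user account currently has an access level of: ' . htmlentities(get_enum_element('access_levels', user_get_access_level($t_anonymous_user_id))),
		false => 'The anonymous user account should not have administrator level permissions.'
	)
);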
/**
 * Gets the managers of the current selected project
 *
 * When no project is currently selected (id 0) the project of the given
 * version is used instead. Only enabled users whose local access level in
 * that project equals 70 are listed.
 *
 * @param $version_id Version whose project is used as the fallback.
 * @return string Real names joined with ', '; empty when nobody matches.
 */
public function calculate_person_in_charge($version_id) {
	$project_id = helper_get_current_project();
	if ($project_id == 0) {
		$project_id = version_get_field($version_id, 'project_id');
	}

	$manager_names = array();
	foreach (project_get_local_user_rows($project_id) as $member_row) {
		# 70 is a hard-coded access level - presumably the manager level,
		# going by the description above; confirm against the access level
		# constants.
		$is_manager_here = $member_row['project_id'] == $project_id
			&& $member_row['access_level'] == 70;

		# Disabled accounts are left out even if they still hold the role.
		if ($is_manager_here && user_is_enabled($member_row['user_id'])) {
			$manager_names[] = user_get_realname($member_row['user_id']);
		}
	}

	return implode(', ', $manager_names);
}
/**
 * Queue a notification e-mail for each user mentioned in an issue or an
 * issue note.
 *
 * Self-mentions, repeated ids and disabled accounts are skipped. Each message
 * is built in the recipient's language. The sender's e-mail address is
 * included only when the recipient meets 'show_user_email_threshold' in the
 * issue's project. Users in $p_removed_mention_user_ids are only logged as
 * skipped; no mail is queued for them here.
 *
 * @param integer $p_bug_id                  Issue for which the reminder is sent.
 * @param array   $p_mention_user_ids        User id or list of user ids array.
 * @param string  $p_message                 Optional message to add to the e-mail.
 * @param array   $p_removed_mention_user_ids The users that were removed due to lack of access.
 * @return array List of users ids to whom the reminder e-mail was actually sent
 */
function email_user_mention($p_bug_id, $p_mention_user_ids, $p_message, $p_removed_mention_user_ids = array()) {
	if (OFF == config_get('enable_email_notification')) {
		log_event(LOG_EMAIL_VERBOSE, 'email notifications disabled.');
		return array();
	}

	$t_project_id = bug_get_field($p_bug_id, 'project_id');
	$t_sender_id = auth_get_current_user_id();
	$t_sender_name = user_get_name($t_sender_id);
	$t_issue_subject = email_build_subject($p_bug_id);
	$t_formatted_date = date(config_get('normal_date_format'));
	$t_current_user_id = auth_get_current_user_id();

	# Ids already handled in this call, used to drop repeated mentions.
	$t_seen_ids = array();

	foreach ($p_removed_mention_user_ids as $t_removed_id) {
		log_event(LOG_EMAIL_VERBOSE, 'skipped mention email for U' . $t_removed_id . ' (no access to issue or note).');
	}

	$t_notified_ids = array();

	foreach ($p_mention_user_ids as $t_target_id) {
		# Don't trigger mention emails for self mentions
		if ($t_target_id == $t_current_user_id) {
			log_event(LOG_EMAIL_VERBOSE, 'skipped mention email for U' . $t_target_id . ' (self-mention).');
			continue;
		}

		# Don't process a user more than once
		if (isset($t_seen_ids[$t_target_id])) {
			continue;
		}
		$t_seen_ids[$t_target_id] = true;

		# Don't email mention notifications to disabled users.
		if (!user_is_enabled($t_target_id)) {
			continue;
		}

		# Everything between lang_push() and lang_pop() is rendered in the
		# recipient's language.
		lang_push(user_pref_get_language($t_target_id, $t_project_id));

		$t_recipient_email = user_get_email($t_target_id);

		# Reveal the sender's address only to recipients who are allowed to
		# see user e-mail addresses in this project.
		$t_may_see_email = access_has_project_level(config_get('show_user_email_threshold'), $t_project_id, $t_target_id);
		$t_sender_email = $t_may_see_email ? ' <' . user_get_email($t_sender_id) . '> ' : '';

		$t_complete_subject = sprintf(lang_get('mentioned_in'), $t_issue_subject);

		$t_header = "\n" . lang_get('on_date') . ' ' . $t_formatted_date . ', '
			. $t_sender_name . ' ' . $t_sender_email
			. lang_get('mentioned_you') . "\n\n";
		$t_contents = $t_header . string_get_bug_view_url_with_fqdn($p_bug_id) . " \n\n" . $p_message;

		# A null id from email_store() means nothing was queued, so the user
		# is not reported back as notified.
		$t_queue_id = email_store($t_recipient_email, $t_complete_subject, $t_contents);
		if ($t_queue_id !== null) {
			$t_notified_ids[] = $t_target_id;
		}

		log_event(LOG_EMAIL_VERBOSE, 'queued mention email ' . $t_queue_id . ' for U' . $t_target_id);

		lang_pop();
	}

	return $t_notified_ids;
}