示例#1
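/**
 * Re-sync the login session with the stored account state.
 *
 * Three steps run in order:
 *  1. when a user is logged in and a reload is requested, re-read the user
 *     row and rebuild the session from it;
 *  2. when nobody is logged in but a "remember me" cookie is present,
 *     rebuild the session from that cookie;
 *  3. when the resulting session belongs to an account that is not enabled,
 *     log it out.
 *
 * @param bool $force_user_data_reload true to re-read the user row and recreate the session
 * @return void
 */
function login_session_refresh($force_user_data_reload = false)
{
    // force a database reload of user data
    if (user_is_logged_in() && $force_user_data_reload) {
        $user = db_select_one(
            'users',
            array('id', 'class', 'enabled', '2fa_status'),
            array('id' => $_SESSION['id'])
        );
        // NOTE(review): the result of db_select_one() is used without a check;
        // confirm what it returns when the row no longer exists.

        // A second factor already completed in this session is carried over,
        // replacing the 2fa_status value just read from the database.
        // The comparison is strict and guarded by isset() so that a missing or
        // non-string session value can never be juggled into 'authenticated'.
        if (isset($_SESSION['2fa_status']) && $_SESSION['2fa_status'] === 'authenticated') {
            $user['2fa_status'] = $_SESSION['2fa_status'];
        }
        login_session_create($user);
    }
    // if users session has expired, but they have the "remember me" cookie
    if (!user_is_logged_in() && login_cookie_isset()) {
        login_session_create_from_login_cookie();
    }
    // Runs last so that a session created by either step above is still
    // dropped when the account is not enabled.
    if (user_is_logged_in() && !user_is_enabled()) {
        logout();
    }
}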
示例#2
    if ($f_error) {
        echo '<li>' . lang_get('login_error') . '</li>';
    }
    if ($f_cookie_error) {
        echo '<li>' . lang_get('login_cookies_disabled') . '</li>';
    }
    echo '</ul>';
    echo '</div>';
}
$t_warnings = array();
$t_upgrade_required = false;
if (config_get_global('admin_checks') == ON && file_exists(dirname(__FILE__) . '/admin')) {
    # Generate a warning if default user administrator/root is valid.
    $t_admin_user_id = user_get_id_by_name('administrator');
    if ($t_admin_user_id !== false) {
        if (user_is_enabled($t_admin_user_id) && auth_does_password_match($t_admin_user_id, 'root')) {
            $t_warnings[] = lang_get('warning_default_administrator_account_present');
        }
    }
    /**
     * Build the warning text shown for an enabled debugging / developer setting.
     *
     * The result is three localized strings joined together: the
     * "change this setting" hint (formatted with the setting name and value),
     * the word separator, and the hazard text selected by $p_type.
     *
     * @param string $p_type    Message Type.
     * @param string $p_setting Setting.
     * @param string $p_value   Value.
     * @return string
     */
    function debug_setting_message($p_type, $p_setting, $p_value)
    {
        $t_change_hint = sprintf(lang_get('warning_change_setting'), $p_setting, $p_value);
        $t_separator = sprintf(lang_get('word_separator'));
        # The hazard string is looked up by name, so $p_type picks the language key.
        $t_hazard = sprintf(lang_get("warning_{$p_type}_hazard"));

        return $t_change_hint . $t_separator . $t_hazard;
    }
    $t_config = 'show_detailed_errors';
示例#3
);

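# No anonymous account is configured, so there is nothing further to check.
if( $t_anonymous_account === '' ) {
	return;
}

$t_anonymous_user_id = user_get_id_by_name( $t_anonymous_account );
check_print_test_row(
	'anonymous_account is a valid user account',
	$t_anonymous_user_id !== false,
	array( false => 'You need to specify a valid user account to use with the anonymous_account configuration options.' )
);

# Every check below looks up a property of the account. When the configured
# name does not resolve to a user the failure has already been reported above,
# and the remaining lookups would be made with `false` instead of a user id.
if( $t_anonymous_user_id === false ) {
	return;
}

check_print_test_row(
	'anonymous_account user has the enabled flag set',
	user_is_enabled( $t_anonymous_user_id ),
	array( false => 'The anonymous user account must be enabled before it can be used.' )
);

# The protected flag is what stops anonymous visitors from editing the shared account.
check_print_test_row(
	'anonymous_account user has the protected flag set',
	user_get_field( $t_anonymous_user_id, 'protected' ),
	array( false => 'The anonymous user account needs to have the protected flag set to prevent anonymous users modifying the account.' )
);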

check_print_test_row(
	'anonymous_account user does not have administrator permissions',
	!user_is_administrator( $t_anonymous_user_id ),
	array(
		true => 'The anonymous user account currently has an access level of: ' . htmlentities( get_enum_element( 'access_levels', user_get_access_level( $t_anonymous_user_id ) ) ),
		false => 'The anonymous user account should not have administrator level permissions.'
示例#4
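# OAuth callback: exchange the authorisation code for an access token and keep
# the token in the session.
# NOTE(review): no `state` value is checked in the visible code; confirm the
# callback is protected against cross-site request forgery elsewhere.
if (isset($_GET['code'])) {
    $client->authenticate($_GET['code']);
    $_SESSION['access_token'] = $client->getAccessToken();
    # NOTE(review): the script keeps running after this redirect header is
    # sent; confirm that is intended.
    header('Location: ' . filter_var($redirect_uri, FILTER_SANITIZE_URL));
}
if (isset($_SESSION['access_token']) && $_SESSION['access_token']) {
    $client->setAccessToken($_SESSION['access_token']);
}
if ($client->getAccessToken()) {
    $userData = $objOAuthService->userinfo->get();
    $data['userData'] = $userData;
    $_SESSION['access_token'] = $client->getAccessToken();
}
# One message is used for every refusal below, so the response does not reveal
# which of the checks failed.
$t_refusal = "<p>Your email didn't to registration on this web site. Please register new account first. ";
# Without an access token no profile was fetched and $userData is not set;
# refuse instead of reading a property of an undefined variable.
if (empty($userData->email)) {
    echo $t_refusal;
    return false;
}
# The local account is selected purely by the e-mail address the provider
# returned.
# NOTE(review): the visible code does not check whether the provider reports
# that address as verified; confirm before relying on it for login.
$user_id = user_get_id_by_email($userData->email);
# No local account matches this address: stop before the per-user checks are
# called without a user id.
if (!$user_id) {
    echo $t_refusal;
    return false;
}
# check for disabled account
if (!user_is_enabled($user_id)) {
    echo $t_refusal;
    return false;
}
# max. failed login attempts achieved...
if (!user_is_login_request_allowed($user_id)) {
    echo $t_refusal;
    return false;
}
# check for anonymous login
if (user_is_anonymous($user_id)) {
    echo $t_refusal;
    return false;
}
user_increment_login_count($user_id);
user_reset_failed_login_count_to_zero($user_id);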
示例#5
/**
 * Try to log a user in with a username and password.
 *
 * Returns false when validation fails. On success the login counters are
 * updated, the cookies and tokens are set and true is returned. When
 * $p_perm_login is true the long-term cookie is created as well.
 *
 * An unknown username is auto-created when the login method is BASIC_AUTH, or
 * when it is LDAP and the LDAP bind with the supplied credentials succeeds.
 *
 * @param string $p_username a prepared username
 * @param string $p_password a prepared password
 * @param bool $p_perm_login whether to create a long-term cookie
 * @return bool indicates if authentication was successful
 * @access public
 */
function auth_attempt_login($p_username, $p_password, $p_perm_login = false)
{
    $t_id = user_get_id_by_name($p_username);
    $t_method = config_get('login_method');

    if (false === $t_id) {
        # Unknown username: decide whether the account may be created on the fly.
        # The LDAP bind is only attempted when the method is not BASIC_AUTH.
        $t_may_create = BASIC_AUTH == $t_method
            || (LDAP == $t_method && ldap_authenticate_by_username($p_username, $p_password));
        if (!$t_may_create) {
            return false;
        }

        # NOTE(review): the new account is stored with an unsalted md5() of the
        # password. md5 is not suitable for password storage; changing it here
        # needs a matching change wherever the stored value is compared.
        if (false === user_create($p_username, md5($p_password))) {
            # creation failed
            return false;
        }

        # The account now exists, so look its id up again.
        $t_id = user_get_id_by_name($p_username);
        if (false === $t_id) {
            # @@@ trigger an error here?
            return false;
        }
    }

    # Disabled accounts and accounts over the failed-login limit are refused
    # before the password is looked at.
    if (!user_is_enabled($t_id) || !user_is_login_request_allowed($t_id)) {
        return false;
    }

    # The anonymous account skips the password check; every other account
    # must match, and a mismatch is counted as a failed attempt.
    if (!user_is_anonymous($t_id) && !auth_does_password_match($t_id, $p_password)) {
        user_increment_failed_login_count($t_id);
        return false;
    }

    # Login accepted: update the counters, then issue cookies and tokens.
    user_increment_login_count($t_id);
    user_reset_failed_login_count_to_zero($t_id);
    user_reset_lost_password_in_progress_count_to_zero($t_id);
    auth_set_cookies($t_id, $p_perm_login);
    auth_set_tokens($t_id);

    return true;
}
/**
 * Try to log a user in with a username and password.
 *
 * Returns false when validation fails. On success the login counters are
 * updated, the cookies and tokens are set and true is returned. When
 * $p_perm_login is true the long-term cookie is created as well.
 *
 * @param string  $p_username   A prepared username.
 * @param string  $p_password   A prepared password.
 * @param boolean $p_perm_login Whether to create a long-term cookie.
 * @return boolean indicates if authentication was successful
 * @access public
 */
function auth_attempt_login($p_username, $p_password, $p_perm_login = false)
{
    $t_id = auth_get_user_id_from_login_name($p_username);
    if ($t_id === false) {
        # Unknown login name: fall back to auto-creation, which reports false
        # when no account could be created.
        $t_id = auth_auto_create_user($p_username, $p_password);
    }
    if ($t_id === false) {
        return false;
    }

    # Disabled accounts and accounts over the failed-login limit are refused
    # before the password is looked at.
    if (!user_is_enabled($t_id) || !user_is_login_request_allowed($t_id)) {
        return false;
    }

    # The anonymous account skips the password check; every other account
    # must match, and a mismatch is counted as a failed attempt.
    if (!user_is_anonymous($t_id) && !auth_does_password_match($t_id, $p_password)) {
        user_increment_failed_login_count($t_id);
        return false;
    }

    # Login accepted: update the counters, then issue cookies and tokens.
    user_increment_login_count($t_id);
    user_reset_failed_login_count_to_zero($t_id);
    user_reset_lost_password_in_progress_count_to_zero($t_id);
    auth_set_cookies($t_id, $p_perm_login);
    auth_set_tokens($t_id);

    return true;
}
示例#7
/**
 * Collect the users who should be e-mailed about an event on an issue.
 *
 * Works in two phases. First a candidate set of user ids is gathered from the
 * explicit list, the reporter, the handler, monitors, note authors, project
 * users within the access thresholds and plugins. Then every candidate is
 * filtered (own action, missing/disabled account, notification preferences,
 * access to the issue and its latest note, plugin exclusions, blank e-mail).
 *
 * @todo yarick123: email_collect_recipients(...) will be completely rewritten to provide additional information such as language, user access,..
 * @todo yarick123:sort recipients list by language to reduce switches between different languages
 * @param int $p_bug_id
 * @param string $p_notify_type
 * @param array $p_extra_user_ids_to_email
 * @return array map of user id => e-mail address for the users that passed every filter
 */
function email_collect_recipients($p_bug_id, $p_notify_type, $p_extra_user_ids_to_email = array())
{
    $c_bug_id = db_prepare_int($p_bug_id);
    # Candidate set, keyed by user id so that a user added twice is kept once.
    $t_recipients = array();
    # add explicitly specified users
    if (ON == email_notify_flag($p_notify_type, 'explicit')) {
        foreach ($p_extra_user_ids_to_email as $t_user_id) {
            $t_recipients[$t_user_id] = true;
            log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, add explicitly specified user = @U%d', $p_bug_id, $t_user_id));
        }
    }
    # add Reporter
    if (ON == email_notify_flag($p_notify_type, 'reporter')) {
        $t_reporter_id = bug_get_field($p_bug_id, 'reporter_id');
        $t_recipients[$t_reporter_id] = true;
        log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, add Reporter = @U%d', $p_bug_id, $t_reporter_id));
    }
    # add Handler
    if (ON == email_notify_flag($p_notify_type, 'handler')) {
        $t_handler_id = bug_get_field($p_bug_id, 'handler_id');
        # Only a positive id is added as handler.
        if ($t_handler_id > 0) {
            $t_recipients[$t_handler_id] = true;
            log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, add Handler = @U%d', $p_bug_id, $t_handler_id));
        }
    }
    $t_project_id = bug_get_field($p_bug_id, 'project_id');
    # add users monitoring the bug
    $t_bug_monitor_table = db_get_table('mantis_bug_monitor_table');
    if (ON == email_notify_flag($p_notify_type, 'monitor')) {
        # The bug id is passed as a bound parameter, not interpolated into the SQL text.
        $query = "SELECT DISTINCT user_id\n\t\t\t\t\t  FROM {$t_bug_monitor_table}\n\t\t\t\t\t  WHERE bug_id=" . db_param();
        $result = db_query_bound($query, array($c_bug_id));
        $count = db_num_rows($result);
        for ($i = 0; $i < $count; $i++) {
            $t_user_id = db_result($result, $i);
            $t_recipients[$t_user_id] = true;
            log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, add Monitor = @U%d', $p_bug_id, $t_user_id));
        }
    }
    # add users who contributed bugnotes
    # The latest note's id and modification date are kept for the access check
    # in the filter loop below.
    $t_bugnote_id = bugnote_get_latest_id($p_bug_id);
    # NOTE(review): $t_bugnote_view is assigned but not read again in this function.
    $t_bugnote_view = bugnote_get_field($t_bugnote_id, 'view_state');
    $t_bugnote_date = bugnote_get_field($t_bugnote_id, 'last_modified');
    $t_bug = bug_get($p_bug_id);
    $t_bug_date = $t_bug->last_updated;
    $t_bugnote_table = db_get_table('mantis_bugnote_table');
    if (ON == email_notify_flag($p_notify_type, 'bugnotes')) {
        # Same bound-parameter form as the monitor query above.
        $query = "SELECT DISTINCT reporter_id\n\t\t\t\t\t  FROM {$t_bugnote_table}\n\t\t\t\t\t  WHERE bug_id = " . db_param();
        $result = db_query_bound($query, array($c_bug_id));
        $count = db_num_rows($result);
        for ($i = 0; $i < $count; $i++) {
            $t_user_id = db_result($result, $i);
            $t_recipients[$t_user_id] = true;
            log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, add Note Author = @U%d', $p_bug_id, $t_user_id));
        }
    }
    # add project users who meet the thresholds
    $t_bug_is_private = bug_get_field($p_bug_id, 'view_state') == VS_PRIVATE;
    $t_threshold_min = email_notify_flag($p_notify_type, 'threshold_min');
    $t_threshold_max = email_notify_flag($p_notify_type, 'threshold_max');
    $t_threshold_users = project_get_all_user_rows($t_project_id, $t_threshold_min);
    foreach ($t_threshold_users as $t_user) {
        if ($t_user['access_level'] <= $t_threshold_max) {
            # For a private issue the user's level is also compared with private_bug_threshold.
            if (!$t_bug_is_private || access_compare_level($t_user['access_level'], config_get('private_bug_threshold'))) {
                $t_recipients[$t_user['id']] = true;
                log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, add Project User = @U%d', $p_bug_id, $t_user['id']));
            }
        }
    }
    # add users as specified by plugins
    # Users added here go through the same filter loop as every other candidate.
    $t_recipients_include_data = event_signal('EVENT_NOTIFY_USER_INCLUDE', array($p_bug_id, $p_notify_type));
    foreach ($t_recipients_include_data as $t_plugin => $t_recipients_include_data2) {
        foreach ($t_recipients_include_data2 as $t_callback => $t_recipients_included) {
            # only handle if we get an array from the callback
            if (is_array($t_recipients_included)) {
                foreach ($t_recipients_included as $t_user_id) {
                    $t_recipients[$t_user_id] = true;
                    log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, %s plugin added user @U%d', $p_bug_id, $t_plugin, $t_user_id));
                }
            }
        }
    }
    # FIXME: the value of $p_notify_type could at this stage be either a status
    # or a built-in actions such as 'owner and 'sponsor'. We have absolutely no
    # idea whether 'new' is indicating a new bug has been filed, or if the
    # status of an existing bug has been changed to 'new'. Therefore it is best
    # to just assume built-in actions have precedence over status changes.
    # $t_pref_field ends up as the name of the user preference that switches
    # this notification type, or false when there is no such preference.
    switch ($p_notify_type) {
        case 'new':
        case 'feedback':
            # This isn't really a built-in action (delete me!)
        case 'reopened':
        case 'resolved':
        case 'closed':
        case 'bugnote':
            $t_pref_field = 'email_on_' . $p_notify_type;
            break;
        case 'owner':
            # The email_on_assigned notification type is now effectively
            # email_on_change_of_handler.
            $t_pref_field = 'email_on_assigned';
            break;
        case 'deleted':
        case 'updated':
        case 'sponsor':
        case 'relation':
        case 'monitor':
        case 'priority':
            # This is never used, but exists in the database!
            # FIXME: these notification actions are not actually implemented
            # in the database and therefore aren't adjustable on a per-user
            # basis! The exception is 'monitor' that makes no sense being a
            # customisable per-user preference.
            $t_pref_field = false;
            break;
        default:
            # Anything not built-in is probably going to be a status
            $t_pref_field = 'email_on_status';
            break;
    }
    # @@@ we could optimize by modifiying user_cache() to take an array
    #  of user ids so we could pull them all in.  We'll see if it's necessary
    $t_final_recipients = array();
    $t_user_ids = array_keys($t_recipients);
    user_cache_array_rows($t_user_ids);
    user_pref_cache_array_rows($t_user_ids);
    user_pref_cache_array_rows($t_user_ids, $t_bug->project_id);
    # Check whether users should receive the emails
    # and put email address to $t_recipients[user_id]
    foreach ($t_recipients as $t_id => $t_ignore) {
        # Possibly eliminate the current user
        if (auth_get_current_user_id() == $t_id && OFF == config_get('email_receive_own')) {
            log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, drop @U%d (own)', $p_bug_id, $t_id));
            continue;
        }
        # Eliminate users who don't exist anymore or who are disabled
        if (!user_exists($t_id) || !user_is_enabled($t_id)) {
            log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, drop @U%d (disabled)', $p_bug_id, $t_id));
            continue;
        }
        # Exclude users who have this notification type turned off
        if ($t_pref_field) {
            $t_notify = user_pref_get_pref($t_id, $t_pref_field);
            if (OFF == $t_notify) {
                log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, drop @U%d (pref %s off)', $p_bug_id, $t_id, $t_pref_field));
                continue;
            } else {
                # Users can define the severity of an issue before they are emailed for
                # each type of notification
                $t_min_sev_pref_field = $t_pref_field . '_min_severity';
                $t_min_sev_notify = user_pref_get_pref($t_id, $t_min_sev_pref_field);
                $t_bug_severity = bug_get_field($p_bug_id, 'severity');
                if ($t_bug_severity < $t_min_sev_notify) {
                    log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, drop @U%d (pref threshold)', $p_bug_id, $t_id));
                    continue;
                }
            }
        }
        # exclude users who don't have at least viewer access to the bug,
        # or who can't see bugnotes if the last update included a bugnote
        # This is the check that keeps issue and note content away from users
        # without access. && binds tighter than ||, so the condition reads
        # "no bug access, OR (dates equal AND no access to the latest note)".
        if (!access_has_bug_level(VIEWER, $p_bug_id, $t_id) || $t_bug_date == $t_bugnote_date && !access_has_bugnote_level(VIEWER, $t_bugnote_id, $t_id)) {
            log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, drop @U%d (access level)', $p_bug_id, $t_id));
            continue;
        }
        # check to exclude users as specified by plugins
        $t_recipient_exclude_data = event_signal('EVENT_NOTIFY_USER_EXCLUDE', array($p_bug_id, $p_notify_type, $t_id));
        $t_exclude = false;
        foreach ($t_recipient_exclude_data as $t_plugin => $t_recipient_exclude_data2) {
            foreach ($t_recipient_exclude_data2 as $t_callback => $t_recipient_excluded) {
                # exclude if any plugin returns true (excludes the user)
                if ($t_recipient_excluded) {
                    $t_exclude = true;
                    log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, %s plugin dropped user @U%d', $p_bug_id, $t_plugin, $t_id));
                }
            }
        }
        # user was excluded by a plugin
        if ($t_exclude) {
            continue;
        }
        # Finally, let's get their emails, if they've set one
        $t_email = user_get_email($t_id);
        if (is_blank($t_email)) {
            log_event(LOG_EMAIL_RECIPIENT, sprintf('Issue = #%d, drop @U%d (no email)', $p_bug_id, $t_id));
        } else {
            # @@@ we could check the emails for validity again but I think
            #   it would be too slow
            $t_final_recipients[$t_id] = $t_email;
        }
    }
    return $t_final_recipients;
}
示例#8
 /**
  * Pick the user an incoming e-mail is reported as, and log in as that user.
  *
  * The reporter is either the fixed mail reporter, the account found for the
  * parsed From address, a freshly signed-up account (when auto signup is on),
  * or the mail reporter as a fallback.
  *
  * NOTE(review): the identity used for the script login below comes from the
  * message's parsed From address, which the sender controls; confirm the mail
  * source is authenticated before this point.
  *
  * @param array $p_parsed_from parsed sender data; the keys 'email' and 'From' are read here
  * @return int|false the reporter's user id after a successful script login, FALSE otherwise
  */
 private function get_user($p_parsed_from)
 {
     if ($this->_mail_use_reporter) {
         // Always report as mail_reporter
         $t_reporter_id = $this->_mail_reporter_id;
     } else {
         // Try to get the reporting users id
         $t_reporter_id = $this->get_userid_from_email($p_parsed_from['email']);
         if (!$t_reporter_id) {
             if ($this->_mail_auto_signup) {
                 // So, we have to sign up a new user...
                 $t_new_reporter_name = $this->prepare_username($p_parsed_from);
                 // Signup is attempted only when a username could be prepared and the address validates
                 if ($t_new_reporter_name !== FALSE && $this->validate_email_address($p_parsed_from['email'])) {
                     if (user_signup($t_new_reporter_name, $p_parsed_from['email'])) {
                         # notify the selected group a new user has signed-up
                         email_notify_new_account($t_new_reporter_name, $p_parsed_from['email']);
                         $t_reporter_id = user_get_id_by_email($p_parsed_from['email']);
                         $t_reporter_name = $t_new_reporter_name;
                         $t_realname = $this->prepare_realname($p_parsed_from, $t_reporter_name);
                         if ($t_realname !== FALSE) {
                             user_set_realname($t_reporter_id, $t_realname);
                         }
                     }
                 }
                 if (!$t_reporter_id) {
                     $this->custom_error('Failed to create user based on: ' . $p_parsed_from['From']);
                 }
             }
         }
         if ((!$t_reporter_id || !user_is_enabled($t_reporter_id)) && $this->_mail_fallback_mail_reporter) {
             // Fall back to the default mail_reporter
             $t_reporter_id = $this->_mail_reporter_id;
         }
     }
     // Only an existing, enabled account is logged in
     if ($t_reporter_id && user_is_enabled($t_reporter_id)) {
         // $t_reporter_name is already set only when the account was just signed up above
         if (!isset($t_reporter_name)) {
             $t_reporter_name = user_get_field($t_reporter_id, 'username');
         }
         // The script login is given the username only; no password is passed
         $t_authattemptresult = auth_attempt_script_login($t_reporter_name);
         # last attempt for fallback
         if ($t_authattemptresult === FALSE && $this->_mail_fallback_mail_reporter && $t_reporter_id != $this->_mail_reporter_id && user_is_enabled($this->_mail_reporter_id)) {
             $t_reporter_id = $this->_mail_reporter_id;
             $t_reporter_name = user_get_field($t_reporter_id, 'username');
             $t_authattemptresult = auth_attempt_script_login($t_reporter_name);
         }
         if ($t_authattemptresult === TRUE) {
             user_update_last_visit($t_reporter_id);
             return (int) $t_reporter_id;
         }
     }
     // Normally this function does not get here unless all else failed
     $this->custom_error('Could not get a valid reporter. Email will be ignored');
     return FALSE;
 }
示例#9
/**
 * Tell whether a user is an enabled account at or above the site admin threshold.
 *
 * A disabled account is never reported as administrator, whatever its
 * access level; the access level is only read for enabled accounts.
 *
 * @param integer $p_user_id A valid user identifier.
 * @return boolean true: admin, false: otherwise.
 */
function user_is_administrator($p_user_id)
{
    return user_is_enabled($p_user_id)
        && user_get_field($p_user_id, 'access_level') >= config_get_global('admin_site_threshold');
}
示例#10
/**
 * Collect the users who should be e-mailed about an event on an issue.
 *
 * Candidates are gathered from the reporter, the handler, monitors, note
 * authors and project users within the access thresholds, then filtered.
 *
 * NOTE(review): this listing is garbled part-way through (see the marked line
 * below); $t_pref_field, $t_final_recipients and the loop that defines $t_id
 * are used but never set in the visible text.
 *
 * @param int $p_bug_id
 * @param string $p_notify_type
 * @return array map of user id => e-mail address
 */
function email_collect_recipients($p_bug_id, $p_notify_type)
{
    $c_bug_id = db_prepare_int($p_bug_id);
    # Candidate set, keyed by user id so that a user added twice is kept once.
    $t_recipients = array();
    # add Reporter
    if (ON == email_notify_flag($p_notify_type, 'reporter')) {
        $t_reporter_id = bug_get_field($p_bug_id, 'reporter_id');
        $t_recipients[$t_reporter_id] = true;
        log_event(LOG_EMAIL_RECIPIENT, "bug={$p_bug_id}, add reporter={$t_reporter_id}");
    }
    # add Handler
    if (ON == email_notify_flag($p_notify_type, 'handler')) {
        $t_handler_id = bug_get_field($p_bug_id, 'handler_id');
        if ($t_handler_id > 0) {
            $t_recipients[$t_handler_id] = true;
            log_event(LOG_EMAIL_RECIPIENT, "bug={$p_bug_id}, add handler={$t_handler_id}");
        }
    }
    $t_project_id = bug_get_field($p_bug_id, 'project_id');
    # add users monitoring the bug
    $t_bug_monitor_table = config_get('mantis_bug_monitor_table');
    if (ON == email_notify_flag($p_notify_type, 'monitor')) {
        # NOTE(review): $c_bug_id is interpolated into the SQL text rather than
        # bound as a parameter. It comes from db_prepare_int() above, presumably
        # an integer cast; confirm, and prefer a bound parameter.
        $query = "SELECT DISTINCT user_id\n\t\t\t\t\t  FROM {$t_bug_monitor_table}\n\t\t\t\t\t  WHERE bug_id={$c_bug_id}";
        $result = db_query($query);
        $count = db_num_rows($result);
        for ($i = 0; $i < $count; $i++) {
            $t_user_id = db_result($result, $i);
            $t_recipients[$t_user_id] = true;
            log_event(LOG_EMAIL_RECIPIENT, "bug={$p_bug_id}, add monitor={$t_user_id}");
        }
    }
    # add users who contributed bugnotes
    $t_bugnote_id = bugnote_get_latest_id($p_bug_id);
    # NOTE(review): $t_bugnote_view is assigned but not read in the visible code.
    $t_bugnote_view = bugnote_get_field($t_bugnote_id, 'view_state');
    $t_bugnote_date = db_unixtimestamp(bugnote_get_field($t_bugnote_id, 'last_modified'));
    $t_bug_date = bug_get_field($p_bug_id, 'last_updated');
    $t_bugnote_table = config_get('mantis_bugnote_table');
    if (ON == email_notify_flag($p_notify_type, 'bugnotes')) {
        # Same interpolated form as the monitor query above.
        $query = "SELECT DISTINCT reporter_id\n\t\t\t\t\t  FROM {$t_bugnote_table}\n\t\t\t\t\t  WHERE bug_id = {$c_bug_id}";
        $result = db_query($query);
        $count = db_num_rows($result);
        for ($i = 0; $i < $count; $i++) {
            $t_user_id = db_result($result, $i);
            $t_recipients[$t_user_id] = true;
            log_event(LOG_EMAIL_RECIPIENT, "bug={$p_bug_id}, add note author={$t_user_id}");
        }
    }
    # add project users who meet the thresholds
    $t_bug_is_private = bug_get_field($p_bug_id, 'view_state') == VS_PRIVATE;
    $t_threshold_min = email_notify_flag($p_notify_type, 'threshold_min');
    $t_threshold_max = email_notify_flag($p_notify_type, 'threshold_max');
    $t_threshold_users = project_get_all_user_rows($t_project_id, $t_threshold_min);
    foreach ($t_threshold_users as $t_user) {
        if ($t_user['access_level'] <= $t_threshold_max) {
            # For a private issue the user's level is also compared with private_bug_threshold.
            if (!$t_bug_is_private || access_compare_level($t_user['access_level'], config_get('private_bug_threshold'))) {
                $t_recipients[$t_user['id']] = true;
                # NOTE(review): the next line is garbled in this listing ("******");
                # the text between the two log messages appears to be missing.
                log_event(LOG_EMAIL_RECIPIENT, "bug={$p_bug_id}, add project user="******"bug={$p_bug_id}, drop {$t_id} (own)");
            continue;
        }
        # Eliminate users who don't exist anymore or who are disabled
        if (!user_exists($t_id) || !user_is_enabled($t_id)) {
            log_event(LOG_EMAIL_RECIPIENT, "bug={$p_bug_id}, drop {$t_id} (disabled)");
            continue;
        }
        # Exclude users who have this notification type turned off
        if ($t_pref_field) {
            $t_notify = user_pref_get_pref($t_id, $t_pref_field);
            if (OFF == $t_notify) {
                log_event(LOG_EMAIL_RECIPIENT, "bug={$p_bug_id}, drop {$t_id} (pref {$t_pref_field} off)");
                continue;
            } else {
                # Users can define the severity of an issue before they are emailed for
                # each type of notification
                $t_min_sev_pref_field = $t_pref_field . '_min_severity';
                $t_min_sev_notify = user_pref_get_pref($t_id, $t_min_sev_pref_field);
                $t_bug_severity = bug_get_field($p_bug_id, 'severity');
                if ($t_bug_severity < $t_min_sev_notify) {
                    log_event(LOG_EMAIL_RECIPIENT, "bug={$p_bug_id}, drop {$t_id} (pref threshold)");
                    continue;
                }
            }
        }
        # check that user can see bugnotes if the last update included a bugnote
        # NOTE(review): only access to the latest note is checked in the visible
        # code; no check of the user's access to the issue itself appears here.
        if ($t_bug_date == $t_bugnote_date) {
            if (!access_has_bugnote_level(VIEWER, $t_bugnote_id, $t_id)) {
                log_event(LOG_EMAIL_RECIPIENT, "bug={$p_bug_id}, drop {$t_id} (access level)");
                continue;
            }
        }
        # Finally, let's get their emails, if they've set one
        $t_email = user_get_email($t_id);
        if (is_blank($t_email)) {
            log_event(LOG_EMAIL_RECIPIENT, "bug={$p_bug_id}, drop {$t_id} (no email)");
        } else {
            # @@@ we could check the emails for validity again but I think
            #   it would be too slow
            $t_final_recipients[$t_id] = $t_email;
        }
    }
    return $t_final_recipients;
}
示例#11
/**
 * Format and hyperlink mentions
 *
 * Every mention found in the text is mapped to its replacement. In HTML mode
 * the replacement is a link to the user's page wrapped in a "mention" span,
 * struck through when the account is not enabled; otherwise the mention is
 * left as it is.
 *
 * @param string $p_text The text to process.
 * @param bool $p_html true for html, false otherwise.
 * @return string The processed text.
 */
function mention_format_text($p_text, $p_html = true)
{
    $t_users = mention_get_users($p_text);
    if (empty($t_users)) {
        return $p_text;
    }

    $t_tag = mentions_tag();
    $t_replacements = array();
    foreach ($t_users as $t_username => $t_user_id) {
        $t_raw = $t_tag . $t_username;
        if (!$p_html) {
            # Plain text: the mention maps to itself.
            $t_replacements[$t_raw] = $t_raw;
            continue;
        }

        # The visible label and the link target each go through their own
        # output helper before being placed into the markup.
        $t_label = string_display_line($t_raw);
        $t_href = string_sanitize_url('view_user_page.php?id=' . $t_user_id, true);
        $t_markup = '<a class="user" href="' . $t_href . '">' . $t_label . '</a>';
        if (!user_is_enabled($t_user_id)) {
            $t_markup = '<s>' . $t_markup . '</s>';
        }
        $t_replacements[$t_raw] = '<span class="mention">' . $t_markup . '</span>';
    }

    # Replace the mentions, ignoring existing anchor tags (otherwise
    # previously set mailto links would be processed as mentions,
    # corrupting the output)
    return string_process_exclude_anchors($p_text, function ($p_string) use ($t_replacements) {
        return str_replace(array_keys($t_replacements), array_values($t_replacements), $p_string);
    });
}
示例#12
 * @link http://www.mantisbt.org
 *
 * @uses check_api.php
 * @uses config_api.php
 * @uses user_api.php
 */
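# Run only when the including script has defined CHECK_ANONYMOUS_INC_ALLOW.
if (!defined('CHECK_ANONYMOUS_INC_ALLOW')) {
    return;
}
/**
 * MantisBT Check API
 */
require_once 'check_api.php';
require_api('config_api.php');
require_api('user_api.php');
check_print_section_header_row('Anonymous access');
$t_anonymous_access_enabled = config_get_global('allow_anonymous_login');
check_print_info_row('Anonymous access is enabled', $t_anonymous_access_enabled ? 'Yes' : 'No');
# The remaining checks only matter when anonymous login is switched on.
if (!$t_anonymous_access_enabled) {
    return;
}
$t_anonymous_account = config_get_global('anonymous_account');
check_print_test_row(
    'anonymous_account configuration option is specified',
    $t_anonymous_account !== '',
    array(
        true => 'The account currently being used for anonymous access is: ' . htmlentities($t_anonymous_account),
        false => 'The anonymous_account configuration option must specify the username of an account to use for anonymous logins.',
    )
);
if ($t_anonymous_account === '') {
    return;
}
$t_anonymous_user_id = user_get_id_by_name($t_anonymous_account);
check_print_test_row(
    'anonymous_account is a valid user account',
    $t_anonymous_user_id !== false,
    array(false => 'You need to specify a valid user account to use with the anonymous_account configuration options.')
);
# Every check below looks up a property of the account. When the configured
# name does not resolve to a user the failure has already been reported above,
# and the remaining lookups would be made with `false` instead of a user id.
if ($t_anonymous_user_id === false) {
    return;
}
check_print_test_row(
    'anonymous_account user has the enabled flag set',
    user_is_enabled($t_anonymous_user_id),
    array(false => 'The anonymous user account must be enabled before it can be used.')
);
# The protected flag is what stops anonymous visitors from editing the shared account.
check_print_test_row(
    'anonymous_account user has the protected flag set',
    user_get_field($t_anonymous_user_id, 'protected'),
    array(false => 'The anonymous user account needs to have the protected flag set to prevent anonymous users modifying the account.')
);
# An account that anyone can use without a password must not carry administrator rights.
check_print_test_row(
    'anonymous_account user does not have administrator permissions',
    !user_is_administrator($t_anonymous_user_id),
    array(
        true => 'The anonymous user account currently has an access level of: ' . htmlentities(get_enum_element('access_levels', user_get_access_level($t_anonymous_user_id))),
        false => 'The anonymous user account should not have administrator level permissions.',
    )
);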
 /**
  * Gets the managers of the current selected project
  *
  * Falls back to the project of the given version when no project is
  * currently selected. Only enabled users whose local project access level
  * equals 70 are listed.
  *
  * @param $version_id
  * @return string real names separated by ', ', or '' when nobody matches
  */
 public function calculate_person_in_charge($version_id)
 {
     $project_id = helper_get_current_project();
     if ($project_id == 0) {
         $project_id = version_get_field($version_id, 'project_id');
     }

     $manager_names = array();
     foreach (project_get_local_user_rows($project_id) as $row) {
         // NOTE(review): 70 is presumably the manager access level; confirm against the access level constants.
         $is_match = $row['project_id'] == $project_id
             && $row['access_level'] == 70
             && user_is_enabled($row['user_id']);
         if ($is_match) {
             $manager_names[] = user_get_realname($row['user_id']);
         }
     }

     return implode(', ', $manager_names);
 }
示例#14
/**
 * Queue a notification e-mail for each user mentioned in an issue or an
 * issue note.
 *
 * Self-mentions, repeated ids and disabled accounts are skipped. Users listed
 * in $p_removed_mention_user_ids are only logged, never e-mailed.
 *
 * @param integer       $p_bug_id     Issue the mention belongs to.
 * @param array         $p_mention_user_ids User id or list of user ids array.
 * @param string        $p_message    Optional message to add to the e-mail.
 * @param array         $p_removed_mention_user_ids  The users that were removed due to lack of access.
 * @return array List of users ids for whom an e-mail was actually queued
 */
function email_user_mention($p_bug_id, $p_mention_user_ids, $p_message, $p_removed_mention_user_ids = array())
{
    if (OFF == config_get('enable_email_notification')) {
        log_event(LOG_EMAIL_VERBOSE, 'email notifications disabled.');
        return array();
    }

    $t_project_id = bug_get_field($p_bug_id, 'project_id');
    $t_sender_id = auth_get_current_user_id();
    $t_sender = user_get_name($t_sender_id);
    $t_subject = email_build_subject($p_bug_id);
    $t_date = date(config_get('normal_date_format'));
    $t_current_user_id = auth_get_current_user_id();
    $t_seen = array();

    foreach ($p_removed_mention_user_ids as $t_removed_id) {
        log_event(LOG_EMAIL_VERBOSE, 'skipped mention email for U' . $t_removed_id . ' (no access to issue or note).');
    }

    $t_sent = array();
    foreach ($p_mention_user_ids as $t_mention_user_id) {
        # Don't trigger mention emails for self mentions
        if ($t_mention_user_id == $t_current_user_id) {
            log_event(LOG_EMAIL_VERBOSE, 'skipped mention email for U' . $t_mention_user_id . ' (self-mention).');
            continue;
        }

        # Don't process a user more than once
        if (isset($t_seen[$t_mention_user_id])) {
            continue;
        }
        $t_seen[$t_mention_user_id] = true;

        # Don't email mention notifications to disabled users.
        # This runs before lang_push() so every push below is matched by a pop.
        if (!user_is_enabled($t_mention_user_id)) {
            continue;
        }

        lang_push(user_pref_get_language($t_mention_user_id, $t_project_id));
        $t_email = user_get_email($t_mention_user_id);

        # The sender's address is put into the mail only for recipients who
        # meet show_user_email_threshold on this project.
        $t_sender_email = access_has_project_level(config_get('show_user_email_threshold'), $t_project_id, $t_mention_user_id)
            ? ' <' . user_get_email($t_sender_id) . '> '
            : '';

        $t_complete_subject = sprintf(lang_get('mentioned_in'), $t_subject);
        $t_header = "\n" . lang_get('on_date') . ' ' . $t_date . ', ' . $t_sender . ' ' . $t_sender_email . lang_get('mentioned_you') . "\n\n";
        $t_contents = $t_header . string_get_bug_view_url_with_fqdn($p_bug_id) . " \n\n" . $p_message;

        $t_id = email_store($t_email, $t_complete_subject, $t_contents);
        if ($t_id !== null) {
            $t_sent[] = $t_mention_user_id;
        }
        log_event(LOG_EMAIL_VERBOSE, 'queued mention email ' . $t_id . ' for U' . $t_mention_user_id);
        lang_pop();
    }

    return $t_sent;
}