From: <jfi...@us...> - 2002-08-29 02:56:27
Update of /cvsroot/mantisbt/mantisbt/core In directory usw-pr-cvs1:/tmp/cvs-serv15543/core Modified Files: API.php access_api.php authentication_api.php bug_api.php bugnote_api.php database_api.php email_api.php helper_api.php history_api.php html_api.php print_api.php project_api.php string_api.php user_api.php Log Message: holy... how did this end up being so big...??? Well, this makes user_api pretty much complete except for security stuff I still need to check through all the page files because I'm sure there are still pages that aren't calling user_api functions. In fact there are user_api functions that haven't been written yet that I'm pretty sure will need to be... But there ya go... it's better than it was before :) Index: API.php =================================================================== RCS file: /cvsroot/mantisbt/mantisbt/core/API.php,v retrieving revision 1.12 retrieving revision 1.13 diff -u -d -r1.12 -r1.13 --- API.php 27 Aug 2002 13:55:19 -0000 1.12 +++ API.php 29 Aug 2002 02:56:23 -0000 1.13 @@ -39,6 +39,7 @@ require_once( $t_core_dir . 'summary_api.php' ); require_once( $t_core_dir . 'date_api.php' ); require_once( $t_core_dir . 'user_api.php' ); + require_once( $t_core_dir . 'current_user_api.php' ); require_once( $t_core_dir . 'email_api.php' ); require_once( $t_core_dir . 'news_api.php' ); require_once( $t_core_dir . 'icon_api.php' ); Index: access_api.php =================================================================== RCS file: /cvsroot/mantisbt/mantisbt/core/access_api.php,v retrieving revision 1.1 retrieving revision 1.2 diff -u -d -r1.1 -r1.2 --- access_api.php 26 Aug 2002 22:35:05 -0000 1.1 +++ access_api.php 29 Aug 2002 02:56:23 -0000 1.2 @@ -32,7 +32,7 @@ return false; } - $t_access_level = get_current_user_field( 'access_level' ); + $t_access_level = current_user_get_field( 'access_level' ); $t_access_level2 = get_project_access_level( $p_project_id ); if ( $t_access_level2 == $p_access_level ) { 
@@ -73,11 +73,11 @@ } # Administrators ALWAYS pass. - if ( get_current_user_field( 'access_level' ) >= ADMINISTRATOR ) { + if ( current_user_get_field( 'access_level' ) >= ADMINISTRATOR ) { return true; } - $t_access_level = get_current_user_field( 'access_level' ); + $t_access_level = current_user_get_field( 'access_level' ); $t_access_level2 = get_project_access_level( $p_project_id ); # use the project level access level instead of the global access level @@ -105,7 +105,7 @@ } # Administrators ALWAYS pass. - if ( get_current_user_field( 'access_level' ) >= ADMINISTRATOR ) { + if ( current_user_get_field( 'access_level' ) >= ADMINISTRATOR ) { return true; } @@ -115,7 +115,7 @@ # use the project level access level instead of the global access level # if the project level is not specified then use the global access level if ( ( -1 == $t_access_level ) && ( PUBLIC == $t_project_view_state ) ) { - $t_access_level = get_current_user_field( 'access_level' ); + $t_access_level = current_user_get_field( 'access_level' ); } return ( $t_access_level >= $p_access_level ); @@ -129,7 +129,7 @@ return false; } - $t_access_level = get_current_user_field( 'access_level' ); + $t_access_level = current_user_get_field( 'access_level' ); if ( $t_access_level == $p_access_level ) { return true; } else { @@ -148,7 +148,7 @@ return false; } - $t_access_level = get_current_user_field( 'access_level' ); + $t_access_level = current_user_get_field( 'access_level' ); if ( $t_access_level >= $p_access_level ) { return true; @@ -160,7 +160,7 @@ # Checks to see if the user should be here. If not then log the user out. function check_access( $p_access_level ) { # Administrators ALWAYS pass. - if ( get_current_user_field( 'access_level' ) >= ADMINISTRATOR ) { + if ( current_user_get_field( 'access_level' ) >= ADMINISTRATOR ) { return; } if ( !access_level_check_greater_or_equal( $p_access_level ) ) { 
@@ -179,7 +179,7 @@ project_check( $p_bug_id ); # Administrators ALWAYS pass. - if ( get_current_user_field( 'access_level' ) >= ADMINISTRATOR ) { + if ( current_user_get_field( 'access_level' ) >= ADMINISTRATOR ) { return; } @@ -223,7 +223,7 @@ $t_project_view_state = project_get_field( $p_project_id, 'view_state' ); # Administrators ALWAYS pass. - if ( get_current_user_field( 'access_level' ) >= ADMINISTRATOR ) { + if ( current_user_get_field( 'access_level' ) >= ADMINISTRATOR ) { return; } @@ -250,7 +250,7 @@ $c_project_id = (integer)$p_project_id; - $t_user_id = get_current_user_field( 'id' ); + $t_user_id = current_user_get_field( 'id' ); if ( 0 == $p_project_id ) { if ( (integer)$g_project_cookie_val == 0 ) { return -1; @@ -281,7 +281,7 @@ # use the current user unless otherwise specified if ( 0 == $p_user_id ) { - $t_user_id = get_current_user_field( 'id' ); + $t_user_id = current_user_get_field( 'id' ); } else { $t_user_id = (integer)$p_user_id; } Index: authentication_api.php =================================================================== RCS file: /cvsroot/mantisbt/mantisbt/core/authentication_api.php,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- authentication_api.php 27 Aug 2002 10:08:07 -0000 1.2 +++ authentication_api.php 29 Aug 2002 02:56:23 -0000 1.3 @@ -26,7 +26,7 @@ if ( !empty( $g_string_cookie_val ) ) { $t_user_id = auth_get_current_user_id(); # get user info - $t_enabled = get_current_user_field( 'enabled' ); + $t_enabled = current_user_get_field( 'enabled' ); # check for access enabled if ( OFF == $t_enabled ) { print_header_redirect( 'logout_page.php' ); @@ -72,7 +72,7 @@ # set last visit cookie # get user info - $t_enabled = get_current_user_field( 'enabled' ); + $t_enabled = current_user_get_field( 'enabled' ); # check for acess enabled if ( OFF == $t_enabled ) { 
@@ -101,7 +101,7 @@ # if logged in if ( !empty( $g_string_cookie_val ) ) { # get user info - $t_enabled = get_current_user_field( 'enabled' ); + $t_enabled = current_user_get_field( 'enabled' ); # check for acess enabled if ( OFF == $t_enabled ) { print_header_redirect( 'logout_page.php' ); Index: bug_api.php =================================================================== RCS file: /cvsroot/mantisbt/mantisbt/core/bug_api.php,v retrieving revision 1.5 retrieving revision 1.6 diff -u -d -r1.5 -r1.6 --- bug_api.php 28 Aug 2002 14:10:11 -0000 1.5 +++ bug_api.php 29 Aug 2002 02:56:23 -0000 1.6 @@ -161,7 +161,7 @@ $t_ass_val = $h_status; } - $t_handler_id = get_current_user_field( 'id' ); + $t_handler_id = current_user_get_field( 'id' ); if ( ( $t_ass_val != $h_status ) || ( $t_handler_id != $h_handler_id ) ) { $c_id = (integer)$p_bug_id; Index: bugnote_api.php =================================================================== RCS file: /cvsroot/mantisbt/mantisbt/core/bugnote_api.php,v retrieving revision 1.6 retrieving revision 1.7 diff -u -d -r1.6 -r1.7 --- bugnote_api.php 26 Aug 2002 21:58:47 -0000 1.6 +++ bugnote_api.php 29 Aug 2002 02:56:23 -0000 1.7 @@ -85,7 +85,7 @@ } # get user information - $u_id = get_current_user_field( 'id' ); + $u_id = current_user_get_field( 'id' ); # insert bugnote info $query = "INSERT Index: database_api.php =================================================================== RCS file: /cvsroot/mantisbt/mantisbt/core/database_api.php,v retrieving revision 1.5 retrieving revision 1.6 diff -u -d -r1.5 -r1.6 --- database_api.php 27 Aug 2002 04:26:42 -0000 1.5 +++ database_api.php 29 Aug 2002 02:56:23 -0000 1.6 
@@ -161,7 +161,7 @@ # -------------------- # prepare a boolean before DB insertion function db_prepare_bool( $p_bool ) { - return (bool)$p_bool; + return (int)(bool)$p_bool; } # -------------------- Index: email_api.php =================================================================== RCS file: /cvsroot/mantisbt/mantisbt/core/email_api.php,v retrieving revision 1.6 retrieving revision 1.7 diff -u -d -r1.6 -r1.7 --- email_api.php 27 Aug 2002 10:08:08 -0000 1.6 +++ email_api.php 29 Aug 2002 02:56:23 -0000 1.7 @@ -408,7 +408,7 @@ $t_message = $g_email_separator1."\n"; if ( $p_message != $s_email_bug_deleted_msg) { $t_message .= $g_path; - if ( ADVANCED_ONLY == $g_show_view || ( BOTH == $g_show_view && ON == get_current_user_pref_field( 'advanced_view' ) ) ) { + if ( ADVANCED_ONLY == $g_show_view || ( BOTH == $g_show_view && ON == current_user_get_pref( 'advanced_view' ) ) ) { $t_message .= 'view_bug_advanced_page.php'; } else { $t_message .= 'view_bug_page.php'; Index: helper_api.php =================================================================== RCS file: /cvsroot/mantisbt/mantisbt/core/helper_api.php,v retrieving revision 1.8 retrieving revision 1.9 diff -u -d -r1.8 -r1.9 --- helper_api.php 28 Aug 2002 22:16:50 -0000 1.8 +++ helper_api.php 29 Aug 2002 02:56:23 -0000 1.9 @@ -231,7 +231,7 @@ ( 1 == $p_no_referer ) ) { switch ( $g_show_view ) { case BOTH: - if ( ON == get_current_user_pref_field( 'advanced_view' ) ) { + if ( ON == current_user_get_pref( 'advanced_view' ) ) { return 'view_bug_advanced_page.php?f_id='.$p_bug_id; } else { return 'view_bug_page.php?f_id='.$p_bug_id; 
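Review bot: db_prepare_bool() has no comment explaining why the extra `(int)` cast is there. In PHP a `false` boolean interpolates into a string as an empty string, which breaks any query that places the value unquoted, as the `$c_enabled, $c_protected` columns in user_create's INSERT do later in this commit. A line such as `# returns 0 or 1 so the result can be placed unquoted in a query` above the function would keep the cast from being "simplified" away later.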
@@ -258,7 +258,7 @@ ( 1 == $p_no_referer ) ) { switch( $g_show_report ) { case BOTH: - if ( ON == get_current_user_pref_field( 'advanced_report' ) ) { + if ( ON == current_user_get_pref( 'advanced_report' ) ) { return 'bug_add_advanced_page.php'; } else { return 'bug_add_page.php'; Index: history_api.php =================================================================== RCS file: /cvsroot/mantisbt/mantisbt/core/history_api.php,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- history_api.php 25 Aug 2002 08:14:59 -0000 1.2 +++ history_api.php 29 Aug 2002 02:56:23 -0000 1.3 @@ -27,7 +27,7 @@ $c_bug_id = (integer)$p_bug_id; $c_user_id = (integer)$p_user_id; if ( 0 == $c_user_id ) { - $c_user_id = get_current_user_field( 'id' ); + $c_user_id = current_user_get_field( 'id' ); }; $query = "INSERT INTO $g_mantis_bug_history_table @@ -54,7 +54,7 @@ $c_type = (integer)$p_type; $c_optional = string_prepare_text( $p_optional ); $c_optional2 = string_prepare_text( $p_optional2 ); - $t_user_id = get_current_user_field( 'id' ); + $t_user_id = current_user_get_field( 'id' ); $query = "INSERT INTO $g_mantis_bug_history_table ( user_id, bug_id, date_modified, type, old_value, new_value ) Index: html_api.php =================================================================== RCS file: /cvsroot/mantisbt/mantisbt/core/html_api.php,v retrieving revision 1.4 retrieving revision 1.5 diff -u -d -r1.4 -r1.5 --- html_api.php 26 Aug 2002 00:40:23 -0000 1.4 +++ html_api.php 29 Aug 2002 02:56:23 -0000 1.5 @@ -238,8 +238,8 @@ $s_access_levels_enum_string, $g_use_javascript; - $t_username = get_current_user_field( 'username' ); - $t_access_level = get_enum_element( 'access_levels', get_current_user_access_level() ); + $t_username = current_user_get_field( 'username' ); + $t_access_level = get_enum_element( 'access_levels', current_user_get_access_level() ); $t_now = date( $g_complete_date_format ); PRINT '<table class="hide">'; 
@@ -313,7 +313,7 @@ $s_jump, $s_logout_link; if ( isset( $g_string_cookie_val ) ) { - $t_protected = get_current_user_field( 'protected' ); + $t_protected = current_user_get_field( 'protected' ); PRINT '<table class="width100" cellspacing="0">'; PRINT '<tr>'; PRINT '<td class="menu">'; @@ -406,20 +406,20 @@ $t_manage_page = 'manage_page.php'; $t_manage_project_menu_page = 'manage_proj_menu_page.php'; - $t_manage_create_user_page = 'manage_create_user_page.php'; + $t_manage_user_create_page = 'manage_user_create_page.php'; $t_documentation_page = 'documentation_page.php'; switch ( $p_page ) { case $t_manage_page : $t_manage_page = ''; break; case $t_manage_project_menu_page: $t_manage_project_menu_page = ''; break; - case $t_manage_create_user_page : $t_manage_create_user_page = ''; break; + case $t_manage_user_create_page : $t_manage_user_create_page = ''; break; case $t_documentation_page : $t_documentation_page = ''; break; } PRINT '<p><div align="center">'; print_bracket_link( $t_manage_page, $s_manage_users_link ); print_bracket_link( $t_manage_project_menu_page, $s_manage_projects_link ); - print_bracket_link( $t_manage_create_user_page, $s_create_new_account_link ); + print_bracket_link( $t_manage_user_create_page, $s_create_new_account_link ); print_bracket_link( $t_documentation_page, $s_documentation_link ); PRINT '</div>'; } Index: print_api.php =================================================================== RCS file: /cvsroot/mantisbt/mantisbt/core/print_api.php,v retrieving revision 1.5 retrieving revision 1.6 diff -u -d -r1.5 -r1.6 --- print_api.php 28 Aug 2002 09:58:32 -0000 1.5 +++ print_api.php 29 Aug 2002 02:56:23 -0000 1.6 
@@ -83,7 +83,7 @@ # -------------------- function print_duplicate_id( $p_duplicate_id ) { if ( $p_duplicate_id != '0000000' ) { - if ( ON == get_current_user_pref_field( 'advanced_view' ) ) { + if ( ON == current_user_get_pref( 'advanced_view' ) ) { PRINT "<a href=\"view_bug_advanced_page.php?f_id=$p_duplicate_id\">".$p_duplicate_id."</a>"; } else { PRINT "<a href=\"view_bug_page.php?f_id=$p_duplicate_id\">".$p_duplicate_id."</a>"; @@ -396,8 +396,8 @@ global $g_mantis_project_table, $g_mantis_project_user_list_table, $g_project_cookie_val; - $t_user_id = get_current_user_field( 'id' ); - $t_access_level = get_current_user_field( 'access_level' ); + $t_user_id = current_user_get_field( 'id' ); + $t_access_level = current_user_get_field( 'access_level' ); $t_pub = PUBLIC; $t_prv = PRIVATE; @@ -478,7 +478,7 @@ FROM $g_mantis_project_table ORDER BY name"; } else { - $t_user_id = get_current_user_field( 'id' ); + $t_user_id = current_user_get_field( 'id' ); $query = "SELECT p.id, p.name FROM $g_mantis_project_table p, $g_mantis_project_user_list_table m WHERE p.id=m.project_id AND @@ -805,7 +805,7 @@ switch ( $g_show_view ) { case BOTH: - if ( ON == get_current_user_pref_field( 'advanced_view' ) ) { + if ( ON == current_user_get_pref( 'advanced_view' ) ) { PRINT "<a href=\"view_bug_advanced_page.php?f_id=$p_id\">$p_id</a>"; } else { PRINT "<a href=\"view_bug_page.php?f_id=$p_id\">$p_id</a>"; @@ -827,7 +827,7 @@ switch ( $g_show_update ) { case BOTH: - if ( ON == get_current_user_pref_field( 'advanced_update' ) ) { + if ( ON == current_user_get_pref( 'advanced_update' ) ) { return 'bug_update_advanced_page.php'; } else { return 'bug_update_page.php'; @@ -849,7 +849,7 @@ switch ( $g_show_view ) { case BOTH: - if ( ON == get_current_user_pref_field( 'advanced_view' ) ) { + if ( ON == current_user_get_pref( 'advanced_view' ) ) { return "<a href=\"view_bug_advanced_page.php?f_id=$p_id\">$p_id</a>"; } else { return "<a href=\"view_bug_page.php?f_id=$p_id\">$p_id</a>"; 
@@ -871,7 +871,7 @@ switch ( $g_show_view ) { case BOTH: - if ( ON == get_current_user_pref_field( 'advanced_view' ) ) { + if ( ON == current_user_get_pref( 'advanced_view' ) ) { return 'view_bug_advanced_page.php?f_id='.$p_id; } else { return 'view_bug_page.php?f_id='.$p_id; @@ -1031,12 +1031,12 @@ switch ( $g_show_user_email ) { case NONE: return $p_text; case ALL: return "<a href=\"mailto:$p_email\">$p_text</a>"; - case NO_ANONYMOUS: if ( get_current_user_field( 'username' ) != $g_anonymous_account ) { + case NO_ANONYMOUS: if ( current_user_get_field( 'username' ) != $g_anonymous_account ) { return "<a href=\"mailto:$p_email\">$p_text</a>"; } else { return $p_text; } - case ADMIN_ONLY: if ( ADMINISTRATOR == get_current_user_field( 'access_level' ) ) { + case ADMIN_ONLY: if ( ADMINISTRATOR == current_user_get_field( 'access_level' ) ) { return "<a href=\"mailto:$p_email\">$p_text</a>"; } else { return $p_text; @@ -1061,12 +1061,12 @@ switch ( $g_show_user_email ) { case NONE: return $p_text; case ALL: return "<a href=\"mailto:$p_email?subject=$p_summary\">$p_text</a>"; - case NO_ANONYMOUS: if ( get_current_user_field( 'username' ) != $g_anonymous_account ) { + case NO_ANONYMOUS: if ( current_user_get_field( 'username' ) != $g_anonymous_account ) { return "<a href=\"mailto:$p_email?subject=$p_summary\">$p_text</a>"; } else { return $p_text; } - case ADMIN_ONLY: if ( ADMINISTRATOR == get_current_user_field( 'access_level' ) ) { + case ADMIN_ONLY: if ( ADMINISTRATOR == current_user_get_field( 'access_level' ) ) { return "<a href=\"mailto:$p_email?subject=$p_summary\">$p_text</a>"; } else { return $p_text; Index: project_api.php =================================================================== RCS file: /cvsroot/mantisbt/mantisbt/core/project_api.php,v retrieving revision 1.8 retrieving revision 1.9 diff -u -d -r1.8 -r1.9 --- project_api.php 27 Aug 2002 10:08:08 -0000 1.8 +++ project_api.php 29 Aug 2002 02:56:23 -0000 1.9 
@@ -279,6 +279,30 @@ } } # -------------------- + # Return the user's access level on the project or false + # if the user is not listed on the project + function project_get_user_access_level( $p_project_id, $p_user_id ) { + $c_project_id = db_prepare_int( $p_project_id ); + $c_user_id = db_prepare_int( $p_user_id ); + + if ( 0 == $c_project_id ) { + return false; + } + + $t_project_user_list_table = config_get( 'mantis_project_user_list_table' ); + + $query = "SELECT access_level + FROM $t_project_user_list_table + WHERE user_id='$c_user_id' AND project_id='$c_project_id'"; + $result = db_query( $query ); + + if ( db_num_rows( $result ) > 0 ) { + return db_result( $result ); + } else { + return false; + } + } + # -------------------- # return the descriptor holding all the info from the project user list # for the specified project function project_get_all_user_rows( $p_project_id ) { Index: string_api.php =================================================================== RCS file: /cvsroot/mantisbt/mantisbt/core/string_api.php,v retrieving revision 1.4 retrieving revision 1.5 diff -u -d -r1.4 -r1.5 --- string_api.php 27 Aug 2002 04:26:43 -0000 1.4 +++ string_api.php 29 Aug 2002 02:56:23 -0000 1.5 @@ -135,7 +135,7 @@ $t_tag = config_get( 'bug_link_tag' ); $t_path = config_get( 'path' ); - if ( ON == get_current_user_pref_field( 'advanced_view' ) ) { + if ( ON == current_user_get_pref( 'advanced_view' ) ) { $t_page_name = 'view_bug_advanced_page.php'; } else { $t_page_name = 'view_bug_page.php'; Index: user_api.php =================================================================== RCS file: /cvsroot/mantisbt/mantisbt/core/user_api.php,v retrieving revision 1.15 retrieving revision 1.16 diff -u -d -r1.15 -r1.16 --- user_api.php 28 Aug 2002 10:25:44 -0000 1.15 +++ user_api.php 29 Aug 2002 02:56:23 -0000 1.16 
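Review bot: project_get_user_access_level() returns `false` both for project id 0 and for a user who is not on the project list, and otherwise the raw db_result() value, so a caller that compares the result with `>=` or `==` will treat "not listed" as level 0. The header comment should tell callers to test for the miss first, for example `# NOTE: check the result with === false before any numeric comparison`. Casting the found value, `return (integer)db_result( $result );`, would also make the two outcomes distinguishable by type.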
@@ -133,15 +133,15 @@ #=================================== # -------------------- - # returns true if the username is unique, false if there is already a user + # return true if the username is unique, false if there is already a user # with that username function user_is_name_unique( $p_username ) { - $t_user_table = config_get( 'g_mantis_user_table' ); - $c_username = db_prepare_string( $p_username ); - $query = "COUNT(*) - FROM $g_mantis_user_table + $t_user_table = config_get( 'mantis_user_table' ); + + $query = "SELECT COUNT(*) + FROM $t_user_table WHERE username='$c_username'"; $result = db_query( $query ); @@ -153,13 +153,21 @@ } } # -------------------- + # Check if the username is unique + # return true if it is, trigger an ERROR if it isn't + function user_ensure_name_unique( $p_username ) { + if ( ! user_is_name_unique( $p_username ) ) { + trigger_error( ERROR_USER_NAME_NOT_UNIQUE, ERROR ); + } + } + # -------------------- # return whether user is monitoring bug for the user id and bug id function user_is_monitoring_bug( $p_user_id, $p_bug_id ) { - $t_bug_monitor_table = config_get( 'mantis_bug_monitor_table' ); - $c_user_id = db_prepare_int( $p_user_id ); $c_bug_id = db_prepare_int( $p_bug_id ); + $t_bug_monitor_table = config_get( 'mantis_bug_monitor_table' ); + $query = "SELECT COUNT(*) FROM $t_bug_monitor_table WHERE user_id='$c_user_id' AND bug_id='$c_bug_id'"; @@ -175,11 +183,11 @@ # -------------------- # @@@ unused function user_has_project_prefs( $p_user_id, $p_project_id ) { - $t_user_pref_table = config_get( 'mantis_user_pref_table' ); - $c_project_id = db_prepare_int( $p_project_id ); $c_user_id = db_prepare_int( $p_user_id ); + $t_user_pref_table = config_get( 'mantis_user_pref_table' ); + $query = "SELECT COUNT(*) FROM $t_user_pref_table WHERE user_id='$c_user_id' AND project_id='$c_project_id'"; 
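Review bot: user_ensure_name_unique() is documented as `return true if it is` but has no return statement, so it yields null when the name is unique; add `return true;` after the `if`, or drop the claim from the comment. The function only protects its callers if `trigger_error( ERROR_USER_NAME_NOT_UNIQUE, ERROR )` stops execution, which depends on the installed error handler and is not visible in this hunk. Because the uniqueness check and the later INSERT are separate queries, two concurrent requests for the same name can both pass the check; a unique index on the username column (schema not shown here) would close that gap.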
@@ -198,91 +206,98 @@ # -------------------- # Create a user. - # If $g_use_ldap_email then tries to find email using ldap - # $p_email may be empty, but the user wont get any emails. # returns false if error, the generated cookie string if ok - function user_signup( $p_username, $p_email=null ) { - if ( ( null === $p_email ) && ( ON == config_get( 'use_ldap_email' ) ) ) { - $p_email = ldap_email( $p_username, 'email' ); + function user_create( $p_username, $p_password, $p_email='', $p_access_level=null, $p_protected=false, $p_enabled=true ) { + if ( null === $p_access_level ) { + $p_access_level = config_get( 'default_new_account_access_level'); } - $c_username = db_prepare_string( $p_username ); - $c_email = db_prepare_string( $p_email ); + $t_password = process_plain_password( $p_password ); - $t_use_ldap_email = config_get( 'use_ldap_email '); - $t_default_new_account_access_level = config_get( 'default_new_account_access_level '); - $t_default_advanced_report = config_get( 'default_advanced_report '); - $t_default_advanced_view = config_get( 'default_advanced_view '); - $t_default_advanced_update = config_get( 'default_advanced_update '); - $t_default_refresh_delay = config_get( 'default_refresh_delay '); - $t_default_redirect_delay = config_get( 'default_redirect_delay '); - $t_default_email_on_new = config_get( 'default_email_on_new '); - $t_default_email_on_assigned = config_get( 'default_email_on_assigned '); - $t_default_email_on_feedback = config_get( 'default_email_on_feedback '); - $t_default_email_on_resolved = config_get( 'default_email_on_resolved '); - $t_default_email_on_closed = config_get( 'default_email_on_closed '); - $t_default_email_on_reopened = config_get( 'default_email_on_reopened '); - $t_default_email_on_bugnote = config_get( 'default_email_on_bugnote '); - $t_default_email_on_status = config_get( 'default_email_on_status '); - $t_default_email_on_priority = config_get( 'default_email_on_priority '); - $t_default_language = config_get( 
'default_language '); + $c_username = db_prepare_string( $p_username ); + $c_password = db_prepare_string( $t_password ); + $c_email = db_prepare_string( $p_email ); + $c_access_level = db_prepare_int( $p_access_level ); + $c_protected = db_prepare_bool( $p_protected ); + $c_enabled = db_prepare_bool( $p_enabled ); - $t_user_table = config_get( 'mantis_user_table' ); - $t_user_pref_table = config_get( 'mantis_user_pref_table' ); + user_ensure_name_unique( $p_username ); - $t_seed = $p_email ? $p_email : $p_username; - # Create random password - $t_password = create_random_password( $t_seed ); - # Use a default access level - # create the almost unique string for each user then insert into the table + $t_seed = $p_email.$p_username; $t_cookie_string = create_cookie_string( $t_seed ); - $t_password2 = process_plain_password( $t_password ); - $query = "INSERT INTO $t_user_table - ( id, username, email, password, date_created, last_visit, - enabled, protected, access_level, login_count, cookie_string ) - VALUES - ( null, '$c_username', '$c_email', '$t_password2', NOW(), NOW(), - 1, 0, $t_default_new_account_access_level, 0, '$t_cookie_string')"; - $result = db_query( $query ); + $t_default_advanced_report = config_get( 'default_advanced_report'); + $t_default_advanced_view = config_get( 'default_advanced_view'); + $t_default_advanced_update = config_get( 'default_advanced_update'); + $t_default_refresh_delay = config_get( 'default_refresh_delay'); + $t_default_redirect_delay = config_get( 'default_redirect_delay'); + $t_default_email_on_new = config_get( 'default_email_on_new'); + $t_default_email_on_assigned = config_get( 'default_email_on_assigned'); + $t_default_email_on_feedback = config_get( 'default_email_on_feedback'); + $t_default_email_on_resolved = config_get( 'default_email_on_resolved'); + $t_default_email_on_closed = config_get( 'default_email_on_closed'); + $t_default_email_on_reopened = config_get( 'default_email_on_reopened'); + 
$t_default_email_on_bugnote = config_get( 'default_email_on_bugnote'); + $t_default_email_on_status = config_get( 'default_email_on_status'); + $t_default_email_on_priority = config_get( 'default_email_on_priority'); + $t_default_language = config_get( 'default_language'); - if ( !$result ) { - return false; - } + $t_user_table = config_get( 'mantis_user_table' ); + $t_user_pref_table = config_get( 'mantis_user_pref_table' ); + + $query = "INSERT INTO $t_user_table + ( id, username, email, password, date_created, last_visit, + enabled, protected, access_level, login_count, cookie_string ) + VALUES + ( null, '$c_username', '$c_email', '$c_password', NOW(), NOW(), + $c_enabled, $c_protected, $c_access_level, 0, '$t_cookie_string')"; + db_query( $query ); # Create preferences for the user $t_user_id = db_insert_id(); $query = "INSERT INTO $t_user_pref_table - (id, user_id, advanced_report, advanced_view, advanced_update, - refresh_delay, redirect_delay, - email_on_new, email_on_assigned, - email_on_feedback, email_on_resolved, - email_on_closed, email_on_reopened, - email_on_bugnote, email_on_status, - email_on_priority, language) - VALUES - (null, '$t_user_id', '$t_default_advanced_report', - '$t_default_advanced_view', '$t_default_advanced_update', - '$t_default_refresh_delay', '$t_default_redirect_delay', - '$t_default_email_on_new', '$t_default_email_on_assigned', - '$t_default_email_on_feedback', '$t_default_email_on_resolved', - '$t_default_email_on_closed', '$t_default_email_on_reopened', - '$t_default_email_on_bugnote', '$t_default_email_on_status', - '$t_default_email_on_priority', '$t_default_language')"; - $result = db_query($query); - - if ( !$result ) { - return false; - } + (id, user_id, advanced_report, advanced_view, advanced_update, + refresh_delay, redirect_delay, + email_on_new, email_on_assigned, + email_on_feedback, email_on_resolved, + email_on_closed, email_on_reopened, + email_on_bugnote, email_on_status, + email_on_priority, language) + VALUES 
+ (null, '$t_user_id', '$t_default_advanced_report', + '$t_default_advanced_view', '$t_default_advanced_update', + '$t_default_refresh_delay', '$t_default_redirect_delay', + '$t_default_email_on_new', '$t_default_email_on_assigned', + '$t_default_email_on_feedback', '$t_default_email_on_resolved', + '$t_default_email_on_closed', '$t_default_email_on_reopened', + '$t_default_email_on_bugnote', '$t_default_email_on_status', + '$t_default_email_on_priority', '$t_default_language')"; + db_query($query); # Send notification email if ( $p_email ) { - email_signup( $t_user_id, $t_password ); + email_signup( $t_user_id, $p_password ); } return $t_cookie_string; } # -------------------- + # Signup a user. + # If the use_ldap_email config option is on then tries to find email using + # ldap. $p_email may be empty, but the user wont get any emails. + # returns false if error, the generated cookie string if ok + function user_signup( $p_username, $p_email=null ) { + if ( ( null === $p_email ) && ( ON == config_get( 'use_ldap_email' ) ) ) { + $p_email = ldap_email( $p_username ); + } + + $t_seed = $p_email.$p_username; + # Create random password + $t_password = create_random_password( $t_seed ); + + return user_create( $p_username, $t_password, $p_email ); + } + # -------------------- # delete an account # returns true when the account was successfully deleted function user_delete( $p_user_id ) { 
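Review bot: `email_signup( $t_user_id, $p_password )` at the end of user_create() now mails whatever password the caller supplied, not only the generated one from user_signup(), so a password chosen by an administrator would travel in cleartext mail; consider sending the mail only from user_signup(). `$t_cookie_string` is the one value interpolated into the INSERT without a db_prepare_* call, and `$c_cookie_string = db_prepare_string( $t_cookie_string );` would keep it consistent with the other columns. Both the cookie string and the random password are seeded from `$p_email.$p_username`, which anyone who knows those two values can reproduce; whether create_cookie_string() and create_random_password() add entropy of their own is not visible here and should be confirmed. The header comment still says `returns false if error`, but with the `if ( !$result )` checks removed the function no longer returns false.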
@@ -294,37 +309,84 @@ $t_project_user_list_table = config_get('mantis_project_user_list_table'); if ( !user_get_field( $p_user_id, 'protected' ) ) { - # Remove account - $query = "DELETE - FROM $t_user_table - WHERE id='$c_user_id'"; - $result = db_query( $query ); - $success = db_affected_rows(); - - # Remove associated profiles - $query = "DELETE - FROM $t_user_profile_table - WHERE user_id='$c_user_id'"; - $result = db_query( $query ); - + # Remove account + $query = "DELETE + FROM $t_user_table + WHERE id='$c_user_id'"; + db_query( $query ); + + # Remove associated profiles + $query = "DELETE + FROM $t_user_profile_table + WHERE user_id='$c_user_id'"; + db_query( $query ); + # Remove associated preferences - $query = "DELETE - FROM $t_user_pref_table - WHERE user_id='$c_user_id'"; - $result = db_query( $query ); - - $query = "DELETE - FROM $t_project_user_list_table - WHERE user_id='$c_user_id'"; - $result = db_query( $query ); + $query = "DELETE + FROM $t_user_pref_table + WHERE user_id='$c_user_id'"; + db_query( $query ); - drop_user_info_cache(); + $query = "DELETE + FROM $t_project_user_list_table + WHERE user_id='$c_user_id'"; + db_query( $query ); - return $success; + user_clear_cache( $p_user_id ); + + return true; } else { - return 0; + return false; } } + # -------------------- + # @@@ unused + function user_create_project_prefs( $p_user_id, $p_project_id ) { + $c_user_id = db_prepare_int( $p_user_id ); + $c_project_id = db_prepare_int( $p_project_id ); + + $t_user_pref_table = config_get( 'mantis_user_pref_table' ); + + $t_default_advanced_report = config_get( 'default_advanced_report'); + $t_default_advanced_view = config_get( 'default_advanced_view'); + $t_default_advanced_update = config_get( 'default_advanced_update'); + $t_default_refresh_delay = config_get( 'default_refresh_delay'); + $t_default_redirect_delay = config_get( 'default_redirect_delay'); + $t_default_email_on_new = config_get( 'default_email_on_new'); + $t_default_email_on_assigned 
= config_get( 'default_email_on_assigned'); + $t_default_email_on_feedback = config_get( 'default_email_on_feedback'); + $t_default_email_on_resolved = config_get( 'default_email_on_resolved'); + $t_default_email_on_closed = config_get( 'default_email_on_closed'); + $t_default_email_on_reopened = config_get( 'default_email_on_reopened'); + $t_default_email_on_bugnote = config_get( 'default_email_on_bugnote'); + $t_default_email_on_status = config_get( 'default_email_on_status'); + $t_default_email_on_priority = config_get( 'default_email_on_priority'); + $t_default_language = config_get( 'default_language'); + + $query = "INSERT + INTO $t_user_pref_table + (id, user_id, project_id, + advanced_report, advanced_view, advanced_update, + refresh_delay, redirect_delay, + email_on_new, email_on_assigned, + email_on_feedback, email_on_resolved, + email_on_closed, email_on_reopened, + email_on_bugnote, email_on_status, + email_on_priority, language) + VALUES + (null, '$c_user_id', '$c_project_id', + '$t_default_advanced_report', '$t_default_advanced_view', '$t_default_advanced_update', + '$t_default_refresh_delay', '$t_default_redirect_delay', + '$t_default_email_on_new', '$t_default_email_on_assigned', + '$t_default_email_on_feedback', '$t_default_email_on_resolved', + '$t_default_email_on_closed', '$t_default_email_on_reopened', + '$t_default_email_on_bugnote', '$t_default_email_on_status', + '$t_default_email_on_priority', '$t_default_language')"; + db_query($query); + + # db_query() errors on failure so: + return true; + } #=================================== # Data Access @@ -333,10 +395,10 @@ # get a user id from a username # return false if the username does not exist function user_get_id_by_name( $p_username ) { - $t_user_table = config_get( 'mantis_user_table' ); - $c_username = db_prepare_string( $p_username ); + $t_user_table = config_get( 'mantis_user_table' ); + $query = "SELECT id FROM $t_user_table WHERE username='$c_username'"; 
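Review bot: user_delete() removes the row in `$t_user_table` first and the `$t_project_user_list_table` rows last, and the comment added in this hunk says db_query() errors on failure, so a failure part-way through leaves project access rows, profiles and preferences for an account that no longer exists. Deleting the dependent rows first and the account row last keeps a partial run from stranding access grants. The function now returns `true` without consulting db_affected_rows(), so callers can no longer tell that no account matched; if that is intended, the comment `# returns true when the account was successfully deleted` should say so. user_create_project_prefs() now takes `$p_user_id` from its caller, and although it is marked unused, any future caller will need its own access check. The start of user_delete() lies outside this hunk.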
@@ -358,7 +420,7 @@ return false; } - $row = user_cache_row( $t_user_id ); + $row = user_get_row( $t_user_id ); return $row; } @@ -382,7 +444,7 @@ # -------------------- # return the specified user field for the user id function user_get_field( $p_user_id, $p_field_name ) { - $row = user_cache_row( $p_user_id ); + $row = user_get_row( $p_user_id ); if ( isset( $row[$p_field_name] ) ) { return $row[$p_field_name]; @@ -401,11 +463,12 @@ } } # -------------------- - # returns username + # return the username or a string saying "user no longer exists" + # if the user does not exist function user_get_name( $p_user_id ) { $t_string = lang_get( 'user_no_longer_exists' ); - $row = user_cache_row( $p_user_id, false ); + $row = user_get_row( $p_user_id, false ); if ( false == $row ) { return $t_string; 
@@ -413,236 +476,115 @@ return $row['username']; } } - - #=================================== - # Data Modification - #=================================== - - # -------------------- - # Update the last_visited field to be NOW() - function user_update_last_visit( $p_user_id ) { - $t_user_table = config_get( 'mantis_user_table' ); - - # @@@ remove this once old user caching is gotten rid of - drop_user_info_cache(); - - $c_user_id = db_prepare_int( $p_user_id ); - - $query = "UPDATE $t_user_table - SET last_visit=NOW() - WHERE id='$c_user_id'"; - - db_query( $query ); - - user_clear_cache( $p_user_id ); - - # db_query() errors on failure so: - return true; - } - # -------------------- - # This function is only called from the login.php3 script - function user_increment_login_count( $p_user_id ) { - $t_user_table = config_get( 'mantis_user_table' ); - - $c_user_id = db_prepare_int( $p_user_id ); - - $query = "UPDATE $t_user_table - SET login_count=login_count+1 - WHERE id='$c_user_id'"; - - db_query( $query ); - - #db_query() errors on failure so: - return true; - } - - - -######################################### -# -# Current user functions -# -# These functions operate on the current user -# -# They should be refactored into functions that take a user -# with the current functions calling the new ones with the -# result of auth_get_current_user_id() as the first parameter -# -# The naming of these and whether they should be in another api -# file is also an issue. The best I can think of is: -# -# current_user_*() but I'm tempted to leave them in this file -# -# maybe they need to be user_current_*() or user_*_current() ?? -# -################################## - - # -------------------- - # Flush user information cache. Should be called when the user information - # is changed. 
- function drop_user_info_cache( ) { - global $g_current_user_info; - unset ( $g_current_user_info ); - } # -------------------- - - # -------------------- - # @@@ unused - function user_create_project_prefs( $p_project_id ) { - $c_project_id = db_prepare_int($p_project_id); - - $t_user_pref_table = config_get('mantis_user_pref_table'); - - $t_user_id = get_current_user_field( 'id' ); - $query = "INSERT - INTO $t_user_pref_table - (id, user_id, project_id, - advanced_report, advanced_view, advanced_update, - refresh_delay, redirect_delay, - email_on_new, email_on_assigned, - email_on_feedback, email_on_resolved, - email_on_closed, email_on_reopened, - email_on_bugnote, email_on_status, - email_on_priority, language) - VALUES - (null, '$t_user_id', '$c_project_id', - '$g_default_advanced_report', '$g_default_advanced_view', '$g_default_advanced_update', - '$g_default_refresh_delay', '$g_default_redirect_delay', - '$g_default_email_on_new', '$g_default_email_on_assigned', - '$g_default_email_on_feedback', '$g_default_email_on_resolved', - '$g_default_email_on_closed', '$g_default_email_on_reopened', - '$g_default_email_on_bugnote', '$g_default_email_on_status', - '$g_default_email_on_priority', '$g_default_language')"; - $result = db_query($query); - } - # -------------------- - # grabs the access level of the current user - # this function accounts for private project and the project user lists - function get_current_user_access_level() { - global $g_string_cookie_val; - - $t_access_level = get_current_user_field( 'access_level' ); - $t_access_level2 = get_project_access_level(); + # return the user's access level + # account for private project and the project user lists + function user_get_access_level( $p_user_id, $p_project_id ) { + $t_access_level = user_get_field( $p_user_id, 'access_level' ); if ( $t_access_level >= ADMINISTRATOR ) { return $t_access_level; } - if ( -1 == $t_access_level2 ) { + $t_project_access_level = project_get_user_access_level( 
$p_user_id, $p_project_id ); + + if ( false === $t_project_access_level ) { return $t_access_level; } else { - return $t_access_level2; + return $t_project_access_level; } } # -------------------- - # retrieve the number of open assigned bugs to a user in a project - function get_assigned_open_bug_count( $p_project_id, $p_cookie_str ) { + # return the number of open assigned bugs to a user in a project + function user_get_assigned_open_bug_count( $p_user_id, $p_project_id=0 ) { + $c_user_id = db_prepare_int($p_user_id); $c_project_id = db_prepare_int($p_project_id); - $c_cookie_str = db_prepare_string($p_cookie_str); $t_bug_table = config_get('mantis_bug_table'); - $t_user_table = config_get('mantis_user_table'); - $query ="SELECT id ". - "FROM $t_user_table ". - "WHERE cookie_string='$c_cookie_str'"; - $result = db_query( $query ); - $t_id = db_result( $result ); - - if ( '0000000' == helper_get_current_project() ) { + if ( 0 == $p_project_id ) { $t_where_prj = ''; } else { $t_where_prj = "project_id='$c_project_id' AND"; } - $t_res = RESOLVED; - $t_clo = CLOSED; - $query ="SELECT COUNT(*) ". - "FROM $t_bug_table ". - "WHERE $t_where_prj ". - "status<>'$t_res' AND status<>'$t_clo' AND ". 
- "handler_id='$t_id'"; + + $t_resolved = RESOLVED; + $t_closed = CLOSED; + + $query = "SELECT COUNT(*) + FROM $t_bug_table + WHERE $t_where_prj + status<>'$t_resolved' AND status<>'$t_closed' AND + handler_id='$c_user_id'"; $result = db_query( $query ); - return db_result( $result, 0, 0 ); + + return db_result( $result ); } # -------------------- - # retrieve the number of open reported bugs by a user in a project - function get_reported_open_bug_count( $p_project_id, $p_cookie_str ) { + # return the number of open reported bugs by a user in a project + function user_get_reported_open_bug_count( $p_user_id, $p_project_id=0 ) { + $c_user_id = db_prepare_int($p_user_id); $c_project_id = db_prepare_int($p_project_id); - $c_cookie_str = db_prepare_string($p_cookie_str); $t_bug_table = config_get('mantis_bug_table'); - $t_user_table = config_get('mantis_user_table'); - $query ="SELECT id ". - "FROM $t_user_table ". - "WHERE cookie_string='$c_cookie_str'"; - $result = db_query( $query ); - $t_id = db_result( $result ); - - if ( '0000000' == helper_get_current_project() ) { + if ( 0 == $p_project_id ) { $t_where_prj = ''; } else { $t_where_prj = "project_id='$c_project_id' AND"; } - $t_res = RESOLVED; - $t_clo = CLOSED; - $query ="SELECT COUNT(*) ". - "FROM $t_bug_table ". - "WHERE $t_where_prj ". - "status<>'$t_res' AND status<>'$t_clo' AND ". 
- "reporter_id='$t_id'"; + + $t_resolved = RESOLVED; + $t_closed = CLOSED; + + $query = "SELECT COUNT(*) + FROM $t_bug_table + WHERE $t_where_prj + status<>'$t_resolved' AND status<>'$t_closed' AND + reporter_id='$c_user_id'"; $result = db_query( $query ); - return db_result( $result, 0, 0 ); + + return db_result( $result ); } + + #=================================== + # Data Modification + #=================================== + # -------------------- - # Returns the specified field of the currently logged in user, otherwise 0 - function get_current_user_field( $p_field_name ) { - global $g_string_cookie_val, $g_current_user_info; + # Update the last_visited field to be NOW() + function user_update_last_visit( $p_user_id ) { + $c_user_id = db_prepare_int( $p_user_id ); + + $t_user_table = config_get( 'mantis_user_table' ); - $t_user_table = config_get('mantis_user_table'); + $query = "UPDATE $t_user_table + SET last_visit=NOW() + WHERE id='$c_user_id'"; + + db_query( $query ); - # if logged in - if ( isset( $g_string_cookie_val ) ) { - if ( !isset ( $g_current_user_info[ $p_field_name ] ) ) { - # get user info - $query = "SELECT * ". - "FROM $t_user_table ". - "WHERE cookie_string='$g_string_cookie_val' ". 
- "LIMIT 1"; - $result = db_query( $query ); - $g_current_user_info = db_fetch_array ( $result ); - } - return $g_current_user_info [ $p_field_name ]; - } else { - return 0; - } + user_clear_cache( $p_user_id ); + + # db_query() errors on failure so: + return true; } # -------------------- - # Returns the specified field of the currently logged in user, otherwise 0 - function get_current_user_pref_field( $p_field_name ) { - global $g_string_cookie_val, $g_cache_user_pref; - - $t_user_pref_table = config_get('mantis_user_pref_table'); + # This function is only called from the login.php3 script + function user_increment_login_count( $p_user_id ) { + $c_user_id = db_prepare_int( $p_user_id ); - # if logged in - if ( isset( $g_string_cookie_val ) ) { - $t_id = get_current_user_field( 'id' ); + $t_user_table = config_get( 'mantis_user_table' ); - if ( !isset( $g_cache_user_pref[$t_id] ) ) { - # get user info - $query = "SELECT * - FROM $t_user_pref_table - WHERE user_id='$t_id'"; - $result = db_query( $query ); - $row = db_fetch_array( $result ); - if ( false === $row ) { - return 0; - } - $g_cache_user_pref[$t_id] = $row; - } - return ( $g_cache_user_pref[$t_id][$p_field_name] ); - } else { - return 0; - } + $query = "UPDATE $t_user_table + SET login_count=login_count+1 + WHERE id='$c_user_id'"; + + db_query( $query ); + + user_clear_cache( $p_user_id ); + + #db_query() errors on failure so: + return true; } ?> |
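Review bot: In `user_get_access_level()`, the header comment says private projects are accounted for, but the new body returns the user's global `access_level` whenever `project_get_user_access_level()` yields `false`, and nothing in the function checks whether the project is private. If that helper returns `false` for a user who is simply absent from a private project's user list (its body is not part of this hunk, so this is inferred), any caller that treats the result as an authorization decision would grant that user their global level on a project they were never added to. I would either check the project's visibility before falling back, or state the contract in the comment, e.g. `# NOTE: returns the global access level when the user has no project-specific entry; private-project membership must be checked by the caller`. The function is complete within this hunk.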