Menu
▾
▴
[Mantisbt-cvs] mantisbt/core API.php,1.12,1.13 access_api.php,1.1,1.2 authentication_api.php,1.2,1.3 bug_api.php,1.5,1.6 bugnote_api.php,1.6,1.7 database_api.php,1.5,1.6 email_api.php,1.6,1.7 helper_api.php,1.8,1.9 history_api.php,1.2,1.3 html_api.php,1.4,1.5 print_api.php,1.5,1.6 project_api.php,1.8,1.9 string_api.php,1.4,1.5 user_api.php,1.15,1.16
|
From: <jfi...@us...> - 2002-08-29 02:56:27
|
Update of /cvsroot/mantisbt/mantisbt/core
In directory usw-pr-cvs1:/tmp/cvs-serv15543/core
Modified Files:
API.php access_api.php authentication_api.php bug_api.php
bugnote_api.php database_api.php email_api.php helper_api.php
history_api.php html_api.php print_api.php project_api.php
string_api.php user_api.php
Log Message:
holy... how did this end up being so big...???
Well, this makes user_api pretty much complete except for security stuff
I still need to check through all the page files because I'm sure there are still pages that aren't calling user_api functions. In fact there are user_api functions that haven't been written yet that I'm pretty sure will need to be...
But there ya go... it's better than it was before :)
Index: API.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/API.php,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- API.php 27 Aug 2002 13:55:19 -0000 1.12
+++ API.php 29 Aug 2002 02:56:23 -0000 1.13
@@ -39,6 +39,7 @@
require_once( $t_core_dir . 'summary_api.php' );
require_once( $t_core_dir . 'date_api.php' );
require_once( $t_core_dir . 'user_api.php' );
+ require_once( $t_core_dir . 'current_user_api.php' );
require_once( $t_core_dir . 'email_api.php' );
require_once( $t_core_dir . 'news_api.php' );
require_once( $t_core_dir . 'icon_api.php' );
Index: access_api.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/access_api.php,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- access_api.php 26 Aug 2002 22:35:05 -0000 1.1
+++ access_api.php 29 Aug 2002 02:56:23 -0000 1.2
@@ -32,7 +32,7 @@
return false;
}
- $t_access_level = get_current_user_field( 'access_level' );
+ $t_access_level = current_user_get_field( 'access_level' );
$t_access_level2 = get_project_access_level( $p_project_id );
if ( $t_access_level2 == $p_access_level ) {
@@ -73,11 +73,11 @@
}
# Administrators ALWAYS pass.
- if ( get_current_user_field( 'access_level' ) >= ADMINISTRATOR ) {
+ if ( current_user_get_field( 'access_level' ) >= ADMINISTRATOR ) {
return true;
}
- $t_access_level = get_current_user_field( 'access_level' );
+ $t_access_level = current_user_get_field( 'access_level' );
$t_access_level2 = get_project_access_level( $p_project_id );
# use the project level access level instead of the global access level
@@ -105,7 +105,7 @@
}
# Administrators ALWAYS pass.
- if ( get_current_user_field( 'access_level' ) >= ADMINISTRATOR ) {
+ if ( current_user_get_field( 'access_level' ) >= ADMINISTRATOR ) {
return true;
}
@@ -115,7 +115,7 @@
# use the project level access level instead of the global access level
# if the project level is not specified then use the global access level
if ( ( -1 == $t_access_level ) && ( PUBLIC == $t_project_view_state ) ) {
- $t_access_level = get_current_user_field( 'access_level' );
+ $t_access_level = current_user_get_field( 'access_level' );
}
return ( $t_access_level >= $p_access_level );
@@ -129,7 +129,7 @@
return false;
}
- $t_access_level = get_current_user_field( 'access_level' );
+ $t_access_level = current_user_get_field( 'access_level' );
if ( $t_access_level == $p_access_level ) {
return true;
} else {
@@ -148,7 +148,7 @@
return false;
}
- $t_access_level = get_current_user_field( 'access_level' );
+ $t_access_level = current_user_get_field( 'access_level' );
if ( $t_access_level >= $p_access_level ) {
return true;
@@ -160,7 +160,7 @@
# Checks to see if the user should be here. If not then log the user out.
function check_access( $p_access_level ) {
# Administrators ALWAYS pass.
- if ( get_current_user_field( 'access_level' ) >= ADMINISTRATOR ) {
+ if ( current_user_get_field( 'access_level' ) >= ADMINISTRATOR ) {
return;
}
if ( !access_level_check_greater_or_equal( $p_access_level ) ) {
@@ -179,7 +179,7 @@
project_check( $p_bug_id );
# Administrators ALWAYS pass.
- if ( get_current_user_field( 'access_level' ) >= ADMINISTRATOR ) {
+ if ( current_user_get_field( 'access_level' ) >= ADMINISTRATOR ) {
return;
}
@@ -223,7 +223,7 @@
$t_project_view_state = project_get_field( $p_project_id, 'view_state' );
# Administrators ALWAYS pass.
- if ( get_current_user_field( 'access_level' ) >= ADMINISTRATOR ) {
+ if ( current_user_get_field( 'access_level' ) >= ADMINISTRATOR ) {
return;
}
@@ -250,7 +250,7 @@
$c_project_id = (integer)$p_project_id;
- $t_user_id = get_current_user_field( 'id' );
+ $t_user_id = current_user_get_field( 'id' );
if ( 0 == $p_project_id ) {
if ( (integer)$g_project_cookie_val == 0 ) {
return -1;
@@ -281,7 +281,7 @@
# use the current user unless otherwise specified
if ( 0 == $p_user_id ) {
- $t_user_id = get_current_user_field( 'id' );
+ $t_user_id = current_user_get_field( 'id' );
} else {
$t_user_id = (integer)$p_user_id;
}
Index: authentication_api.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/authentication_api.php,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- authentication_api.php 27 Aug 2002 10:08:07 -0000 1.2
+++ authentication_api.php 29 Aug 2002 02:56:23 -0000 1.3
@@ -26,7 +26,7 @@
if ( !empty( $g_string_cookie_val ) ) {
$t_user_id = auth_get_current_user_id();
# get user info
- $t_enabled = get_current_user_field( 'enabled' );
+ $t_enabled = current_user_get_field( 'enabled' );
# check for access enabled
if ( OFF == $t_enabled ) {
print_header_redirect( 'logout_page.php' );
@@ -72,7 +72,7 @@
# set last visit cookie
# get user info
- $t_enabled = get_current_user_field( 'enabled' );
+ $t_enabled = current_user_get_field( 'enabled' );
# check for acess enabled
if ( OFF == $t_enabled ) {
@@ -101,7 +101,7 @@
# if logged in
if ( !empty( $g_string_cookie_val ) ) {
# get user info
- $t_enabled = get_current_user_field( 'enabled' );
+ $t_enabled = current_user_get_field( 'enabled' );
# check for acess enabled
if ( OFF == $t_enabled ) {
print_header_redirect( 'logout_page.php' );
Index: bug_api.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/bug_api.php,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- bug_api.php 28 Aug 2002 14:10:11 -0000 1.5
+++ bug_api.php 29 Aug 2002 02:56:23 -0000 1.6
@@ -161,7 +161,7 @@
$t_ass_val = $h_status;
}
- $t_handler_id = get_current_user_field( 'id' );
+ $t_handler_id = current_user_get_field( 'id' );
if ( ( $t_ass_val != $h_status ) || ( $t_handler_id != $h_handler_id ) ) {
$c_id = (integer)$p_bug_id;
Index: bugnote_api.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/bugnote_api.php,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- bugnote_api.php 26 Aug 2002 21:58:47 -0000 1.6
+++ bugnote_api.php 29 Aug 2002 02:56:23 -0000 1.7
@@ -85,7 +85,7 @@
}
# get user information
- $u_id = get_current_user_field( 'id' );
+ $u_id = current_user_get_field( 'id' );
# insert bugnote info
$query = "INSERT
Index: database_api.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/database_api.php,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- database_api.php 27 Aug 2002 04:26:42 -0000 1.5
+++ database_api.php 29 Aug 2002 02:56:23 -0000 1.6
@@ -161,7 +161,7 @@
# --------------------
# prepare a boolean before DB insertion
function db_prepare_bool( $p_bool ) {
- return (bool)$p_bool;
+ return (int)(bool)$p_bool;
}
# --------------------
Index: email_api.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/email_api.php,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- email_api.php 27 Aug 2002 10:08:08 -0000 1.6
+++ email_api.php 29 Aug 2002 02:56:23 -0000 1.7
@@ -408,7 +408,7 @@
$t_message = $g_email_separator1."\n";
if ( $p_message != $s_email_bug_deleted_msg) {
$t_message .= $g_path;
- if ( ADVANCED_ONLY == $g_show_view || ( BOTH == $g_show_view && ON == get_current_user_pref_field( 'advanced_view' ) ) ) {
+ if ( ADVANCED_ONLY == $g_show_view || ( BOTH == $g_show_view && ON == current_user_get_pref( 'advanced_view' ) ) ) {
$t_message .= 'view_bug_advanced_page.php';
} else {
$t_message .= 'view_bug_page.php';
Index: helper_api.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/helper_api.php,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- helper_api.php 28 Aug 2002 22:16:50 -0000 1.8
+++ helper_api.php 29 Aug 2002 02:56:23 -0000 1.9
@@ -231,7 +231,7 @@
( 1 == $p_no_referer ) ) {
switch ( $g_show_view ) {
case BOTH:
- if ( ON == get_current_user_pref_field( 'advanced_view' ) ) {
+ if ( ON == current_user_get_pref( 'advanced_view' ) ) {
return 'view_bug_advanced_page.php?f_id='.$p_bug_id;
} else {
return 'view_bug_page.php?f_id='.$p_bug_id;
@@ -258,7 +258,7 @@
( 1 == $p_no_referer ) ) {
switch( $g_show_report ) {
case BOTH:
- if ( ON == get_current_user_pref_field( 'advanced_report' ) ) {
+ if ( ON == current_user_get_pref( 'advanced_report' ) ) {
return 'bug_add_advanced_page.php';
} else {
return 'bug_add_page.php';
Index: history_api.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/history_api.php,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- history_api.php 25 Aug 2002 08:14:59 -0000 1.2
+++ history_api.php 29 Aug 2002 02:56:23 -0000 1.3
@@ -27,7 +27,7 @@
$c_bug_id = (integer)$p_bug_id;
$c_user_id = (integer)$p_user_id;
if ( 0 == $c_user_id ) {
- $c_user_id = get_current_user_field( 'id' );
+ $c_user_id = current_user_get_field( 'id' );
};
$query = "INSERT INTO $g_mantis_bug_history_table
@@ -54,7 +54,7 @@
$c_type = (integer)$p_type;
$c_optional = string_prepare_text( $p_optional );
$c_optional2 = string_prepare_text( $p_optional2 );
- $t_user_id = get_current_user_field( 'id' );
+ $t_user_id = current_user_get_field( 'id' );
$query = "INSERT INTO $g_mantis_bug_history_table
( user_id, bug_id, date_modified, type, old_value, new_value )
Index: html_api.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/html_api.php,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- html_api.php 26 Aug 2002 00:40:23 -0000 1.4
+++ html_api.php 29 Aug 2002 02:56:23 -0000 1.5
@@ -238,8 +238,8 @@
$s_access_levels_enum_string,
$g_use_javascript;
- $t_username = get_current_user_field( 'username' );
- $t_access_level = get_enum_element( 'access_levels', get_current_user_access_level() );
+ $t_username = current_user_get_field( 'username' );
+ $t_access_level = get_enum_element( 'access_levels', current_user_get_access_level() );
$t_now = date( $g_complete_date_format );
PRINT '<table class="hide">';
@@ -313,7 +313,7 @@
$s_jump, $s_logout_link;
if ( isset( $g_string_cookie_val ) ) {
- $t_protected = get_current_user_field( 'protected' );
+ $t_protected = current_user_get_field( 'protected' );
PRINT '<table class="width100" cellspacing="0">';
PRINT '<tr>';
PRINT '<td class="menu">';
@@ -406,20 +406,20 @@
$t_manage_page = 'manage_page.php';
$t_manage_project_menu_page = 'manage_proj_menu_page.php';
- $t_manage_create_user_page = 'manage_create_user_page.php';
+ $t_manage_user_create_page = 'manage_user_create_page.php';
$t_documentation_page = 'documentation_page.php';
switch ( $p_page ) {
case $t_manage_page : $t_manage_page = ''; break;
case $t_manage_project_menu_page: $t_manage_project_menu_page = ''; break;
- case $t_manage_create_user_page : $t_manage_create_user_page = ''; break;
+ case $t_manage_user_create_page : $t_manage_user_create_page = ''; break;
case $t_documentation_page : $t_documentation_page = ''; break;
}
PRINT '<p><div align="center">';
print_bracket_link( $t_manage_page, $s_manage_users_link );
print_bracket_link( $t_manage_project_menu_page, $s_manage_projects_link );
- print_bracket_link( $t_manage_create_user_page, $s_create_new_account_link );
+ print_bracket_link( $t_manage_user_create_page, $s_create_new_account_link );
print_bracket_link( $t_documentation_page, $s_documentation_link );
PRINT '</div>';
}
Index: print_api.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/print_api.php,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- print_api.php 28 Aug 2002 09:58:32 -0000 1.5
+++ print_api.php 29 Aug 2002 02:56:23 -0000 1.6
@@ -83,7 +83,7 @@
# --------------------
function print_duplicate_id( $p_duplicate_id ) {
if ( $p_duplicate_id != '0000000' ) {
- if ( ON == get_current_user_pref_field( 'advanced_view' ) ) {
+ if ( ON == current_user_get_pref( 'advanced_view' ) ) {
PRINT "<a href=\"view_bug_advanced_page.php?f_id=$p_duplicate_id\">".$p_duplicate_id."</a>";
} else {
PRINT "<a href=\"view_bug_page.php?f_id=$p_duplicate_id\">".$p_duplicate_id."</a>";
@@ -396,8 +396,8 @@
global $g_mantis_project_table, $g_mantis_project_user_list_table,
$g_project_cookie_val;
- $t_user_id = get_current_user_field( 'id' );
- $t_access_level = get_current_user_field( 'access_level' );
+ $t_user_id = current_user_get_field( 'id' );
+ $t_access_level = current_user_get_field( 'access_level' );
$t_pub = PUBLIC;
$t_prv = PRIVATE;
@@ -478,7 +478,7 @@
FROM $g_mantis_project_table
ORDER BY name";
} else {
- $t_user_id = get_current_user_field( 'id' );
+ $t_user_id = current_user_get_field( 'id' );
$query = "SELECT p.id, p.name
FROM $g_mantis_project_table p, $g_mantis_project_user_list_table m
WHERE p.id=m.project_id AND
@@ -805,7 +805,7 @@
switch ( $g_show_view ) {
case BOTH:
- if ( ON == get_current_user_pref_field( 'advanced_view' ) ) {
+ if ( ON == current_user_get_pref( 'advanced_view' ) ) {
PRINT "<a href=\"view_bug_advanced_page.php?f_id=$p_id\">$p_id</a>";
} else {
PRINT "<a href=\"view_bug_page.php?f_id=$p_id\">$p_id</a>";
@@ -827,7 +827,7 @@
switch ( $g_show_update ) {
case BOTH:
- if ( ON == get_current_user_pref_field( 'advanced_update' ) ) {
+ if ( ON == current_user_get_pref( 'advanced_update' ) ) {
return 'bug_update_advanced_page.php';
} else {
return 'bug_update_page.php';
@@ -849,7 +849,7 @@
switch ( $g_show_view ) {
case BOTH:
- if ( ON == get_current_user_pref_field( 'advanced_view' ) ) {
+ if ( ON == current_user_get_pref( 'advanced_view' ) ) {
return "<a href=\"view_bug_advanced_page.php?f_id=$p_id\">$p_id</a>";
} else {
return "<a href=\"view_bug_page.php?f_id=$p_id\">$p_id</a>";
@@ -871,7 +871,7 @@
switch ( $g_show_view ) {
case BOTH:
- if ( ON == get_current_user_pref_field( 'advanced_view' ) ) {
+ if ( ON == current_user_get_pref( 'advanced_view' ) ) {
return 'view_bug_advanced_page.php?f_id='.$p_id;
} else {
return 'view_bug_page.php?f_id='.$p_id;
@@ -1031,12 +1031,12 @@
switch ( $g_show_user_email ) {
case NONE: return $p_text;
case ALL: return "<a href=\"mailto:$p_email\">$p_text</a>";
- case NO_ANONYMOUS: if ( get_current_user_field( 'username' ) != $g_anonymous_account ) {
+ case NO_ANONYMOUS: if ( current_user_get_field( 'username' ) != $g_anonymous_account ) {
return "<a href=\"mailto:$p_email\">$p_text</a>";
} else {
return $p_text;
}
- case ADMIN_ONLY: if ( ADMINISTRATOR == get_current_user_field( 'access_level' ) ) {
+ case ADMIN_ONLY: if ( ADMINISTRATOR == current_user_get_field( 'access_level' ) ) {
return "<a href=\"mailto:$p_email\">$p_text</a>";
} else {
return $p_text;
@@ -1061,12 +1061,12 @@
switch ( $g_show_user_email ) {
case NONE: return $p_text;
case ALL: return "<a href=\"mailto:$p_email?subject=$p_summary\">$p_text</a>";
- case NO_ANONYMOUS: if ( get_current_user_field( 'username' ) != $g_anonymous_account ) {
+ case NO_ANONYMOUS: if ( current_user_get_field( 'username' ) != $g_anonymous_account ) {
return "<a href=\"mailto:$p_email?subject=$p_summary\">$p_text</a>";
} else {
return $p_text;
}
- case ADMIN_ONLY: if ( ADMINISTRATOR == get_current_user_field( 'access_level' ) ) {
+ case ADMIN_ONLY: if ( ADMINISTRATOR == current_user_get_field( 'access_level' ) ) {
return "<a href=\"mailto:$p_email?subject=$p_summary\">$p_text</a>";
} else {
return $p_text;
Index: project_api.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/project_api.php,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- project_api.php 27 Aug 2002 10:08:08 -0000 1.8
+++ project_api.php 29 Aug 2002 02:56:23 -0000 1.9
@@ -279,6 +279,30 @@
}
}
# --------------------
+ # Return the user's access level on the project or false
+ # if the user is not listed on the project
+ function project_get_user_access_level( $p_project_id, $p_user_id ) {
+ $c_project_id = db_prepare_int( $p_project_id );
+ $c_user_id = db_prepare_int( $p_user_id );
+
+ if ( 0 == $c_project_id ) {
+ return false;
+ }
+
+ $t_project_user_list_table = config_get( 'mantis_project_user_list_table' );
+
+ $query = "SELECT access_level
+ FROM $t_project_user_list_table
+ WHERE user_id='$c_user_id' AND project_id='$c_project_id'";
+ $result = db_query( $query );
+
+ if ( db_num_rows( $result ) > 0 ) {
+ return db_result( $result );
+ } else {
+ return false;
+ }
+ }
+ # --------------------
# return the descriptor holding all the info from the project user list
# for the specified project
function project_get_all_user_rows( $p_project_id ) {
Index: string_api.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/string_api.php,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- string_api.php 27 Aug 2002 04:26:43 -0000 1.4
+++ string_api.php 29 Aug 2002 02:56:23 -0000 1.5
@@ -135,7 +135,7 @@
$t_tag = config_get( 'bug_link_tag' );
$t_path = config_get( 'path' );
- if ( ON == get_current_user_pref_field( 'advanced_view' ) ) {
+ if ( ON == current_user_get_pref( 'advanced_view' ) ) {
$t_page_name = 'view_bug_advanced_page.php';
} else {
$t_page_name = 'view_bug_page.php';
Index: user_api.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/user_api.php,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -d -r1.15 -r1.16
--- user_api.php 28 Aug 2002 10:25:44 -0000 1.15
+++ user_api.php 29 Aug 2002 02:56:23 -0000 1.16
@@ -133,15 +133,15 @@
#===================================
# --------------------
- # returns true if the username is unique, false if there is already a user
+ # return true if the username is unique, false if there is already a user
# with that username
function user_is_name_unique( $p_username ) {
- $t_user_table = config_get( 'g_mantis_user_table' );
-
$c_username = db_prepare_string( $p_username );
- $query = "COUNT(*)
- FROM $g_mantis_user_table
+ $t_user_table = config_get( 'mantis_user_table' );
+
+ $query = "SELECT COUNT(*)
+ FROM $t_user_table
WHERE username='$c_username'";
$result = db_query( $query );
@@ -153,13 +153,21 @@
}
}
# --------------------
+ # Check if the username is unique
+ # return true if it is, trigger an ERROR if it isn't
+ function user_ensure_name_unique( $p_username ) {
+ if ( ! user_is_name_unique( $p_username ) ) {
+ trigger_error( ERROR_USER_NAME_NOT_UNIQUE, ERROR );
+ }
+ }
+ # --------------------
# return whether user is monitoring bug for the user id and bug id
function user_is_monitoring_bug( $p_user_id, $p_bug_id ) {
- $t_bug_monitor_table = config_get( 'mantis_bug_monitor_table' );
-
$c_user_id = db_prepare_int( $p_user_id );
$c_bug_id = db_prepare_int( $p_bug_id );
+ $t_bug_monitor_table = config_get( 'mantis_bug_monitor_table' );
+
$query = "SELECT COUNT(*)
FROM $t_bug_monitor_table
WHERE user_id='$c_user_id' AND bug_id='$c_bug_id'";
@@ -175,11 +183,11 @@
# --------------------
# @@@ unused
function user_has_project_prefs( $p_user_id, $p_project_id ) {
- $t_user_pref_table = config_get( 'mantis_user_pref_table' );
-
$c_project_id = db_prepare_int( $p_project_id );
$c_user_id = db_prepare_int( $p_user_id );
+ $t_user_pref_table = config_get( 'mantis_user_pref_table' );
+
$query = "SELECT COUNT(*)
FROM $t_user_pref_table
WHERE user_id='$c_user_id' AND project_id='$c_project_id'";
@@ -198,91 +206,98 @@
# --------------------
# Create a user.
- # If $g_use_ldap_email then tries to find email using ldap
- # $p_email may be empty, but the user wont get any emails.
# returns false if error, the generated cookie string if ok
- function user_signup( $p_username, $p_email=null ) {
- if ( ( null === $p_email ) && ( ON == config_get( 'use_ldap_email' ) ) ) {
- $p_email = ldap_email( $p_username, 'email' );
+ function user_create( $p_username, $p_password, $p_email='', $p_access_level=null, $p_protected=false, $p_enabled=true ) {
+ if ( null === $p_access_level ) {
+ $p_access_level = config_get( 'default_new_account_access_level');
}
- $c_username = db_prepare_string( $p_username );
- $c_email = db_prepare_string( $p_email );
+ $t_password = process_plain_password( $p_password );
- $t_use_ldap_email = config_get( 'use_ldap_email ');
- $t_default_new_account_access_level = config_get( 'default_new_account_access_level ');
- $t_default_advanced_report = config_get( 'default_advanced_report ');
- $t_default_advanced_view = config_get( 'default_advanced_view ');
- $t_default_advanced_update = config_get( 'default_advanced_update ');
- $t_default_refresh_delay = config_get( 'default_refresh_delay ');
- $t_default_redirect_delay = config_get( 'default_redirect_delay ');
- $t_default_email_on_new = config_get( 'default_email_on_new ');
- $t_default_email_on_assigned = config_get( 'default_email_on_assigned ');
- $t_default_email_on_feedback = config_get( 'default_email_on_feedback ');
- $t_default_email_on_resolved = config_get( 'default_email_on_resolved ');
- $t_default_email_on_closed = config_get( 'default_email_on_closed ');
- $t_default_email_on_reopened = config_get( 'default_email_on_reopened ');
- $t_default_email_on_bugnote = config_get( 'default_email_on_bugnote ');
- $t_default_email_on_status = config_get( 'default_email_on_status ');
- $t_default_email_on_priority = config_get( 'default_email_on_priority ');
- $t_default_language = config_get( 'default_language ');
+ $c_username = db_prepare_string( $p_username );
+ $c_password = db_prepare_string( $t_password );
+ $c_email = db_prepare_string( $p_email );
+ $c_access_level = db_prepare_int( $p_access_level );
+ $c_protected = db_prepare_bool( $p_protected );
+ $c_enabled = db_prepare_bool( $p_enabled );
- $t_user_table = config_get( 'mantis_user_table' );
- $t_user_pref_table = config_get( 'mantis_user_pref_table' );
+ user_ensure_name_unique( $p_username );
- $t_seed = $p_email ? $p_email : $p_username;
- # Create random password
- $t_password = create_random_password( $t_seed );
- # Use a default access level
- # create the almost unique string for each user then insert into the table
+ $t_seed = $p_email.$p_username;
$t_cookie_string = create_cookie_string( $t_seed );
- $t_password2 = process_plain_password( $t_password );
- $query = "INSERT INTO $t_user_table
- ( id, username, email, password, date_created, last_visit,
- enabled, protected, access_level, login_count, cookie_string )
- VALUES
- ( null, '$c_username', '$c_email', '$t_password2', NOW(), NOW(),
- 1, 0, $t_default_new_account_access_level, 0, '$t_cookie_string')";
- $result = db_query( $query );
+ $t_default_advanced_report = config_get( 'default_advanced_report');
+ $t_default_advanced_view = config_get( 'default_advanced_view');
+ $t_default_advanced_update = config_get( 'default_advanced_update');
+ $t_default_refresh_delay = config_get( 'default_refresh_delay');
+ $t_default_redirect_delay = config_get( 'default_redirect_delay');
+ $t_default_email_on_new = config_get( 'default_email_on_new');
+ $t_default_email_on_assigned = config_get( 'default_email_on_assigned');
+ $t_default_email_on_feedback = config_get( 'default_email_on_feedback');
+ $t_default_email_on_resolved = config_get( 'default_email_on_resolved');
+ $t_default_email_on_closed = config_get( 'default_email_on_closed');
+ $t_default_email_on_reopened = config_get( 'default_email_on_reopened');
+ $t_default_email_on_bugnote = config_get( 'default_email_on_bugnote');
+ $t_default_email_on_status = config_get( 'default_email_on_status');
+ $t_default_email_on_priority = config_get( 'default_email_on_priority');
+ $t_default_language = config_get( 'default_language');
- if ( !$result ) {
- return false;
- }
+ $t_user_table = config_get( 'mantis_user_table' );
+ $t_user_pref_table = config_get( 'mantis_user_pref_table' );
+
+ $query = "INSERT INTO $t_user_table
+ ( id, username, email, password, date_created, last_visit,
+ enabled, protected, access_level, login_count, cookie_string )
+ VALUES
+ ( null, '$c_username', '$c_email', '$c_password', NOW(), NOW(),
+ $c_enabled, $c_protected, $c_access_level, 0, '$t_cookie_string')";
+ db_query( $query );
# Create preferences for the user
$t_user_id = db_insert_id();
$query = "INSERT INTO $t_user_pref_table
- (id, user_id, advanced_report, advanced_view, advanced_update,
- refresh_delay, redirect_delay,
- email_on_new, email_on_assigned,
- email_on_feedback, email_on_resolved,
- email_on_closed, email_on_reopened,
- email_on_bugnote, email_on_status,
- email_on_priority, language)
- VALUES
- (null, '$t_user_id', '$t_default_advanced_report',
- '$t_default_advanced_view', '$t_default_advanced_update',
- '$t_default_refresh_delay', '$t_default_redirect_delay',
- '$t_default_email_on_new', '$t_default_email_on_assigned',
- '$t_default_email_on_feedback', '$t_default_email_on_resolved',
- '$t_default_email_on_closed', '$t_default_email_on_reopened',
- '$t_default_email_on_bugnote', '$t_default_email_on_status',
- '$t_default_email_on_priority', '$t_default_language')";
- $result = db_query($query);
-
- if ( !$result ) {
- return false;
- }
+ (id, user_id, advanced_report, advanced_view, advanced_update,
+ refresh_delay, redirect_delay,
+ email_on_new, email_on_assigned,
+ email_on_feedback, email_on_resolved,
+ email_on_closed, email_on_reopened,
+ email_on_bugnote, email_on_status,
+ email_on_priority, language)
+ VALUES
+ (null, '$t_user_id', '$t_default_advanced_report',
+ '$t_default_advanced_view', '$t_default_advanced_update',
+ '$t_default_refresh_delay', '$t_default_redirect_delay',
+ '$t_default_email_on_new', '$t_default_email_on_assigned',
+ '$t_default_email_on_feedback', '$t_default_email_on_resolved',
+ '$t_default_email_on_closed', '$t_default_email_on_reopened',
+ '$t_default_email_on_bugnote', '$t_default_email_on_status',
+ '$t_default_email_on_priority', '$t_default_language')";
+ db_query($query);
# Send notification email
if ( $p_email ) {
- email_signup( $t_user_id, $t_password );
+ email_signup( $t_user_id, $p_password );
}
return $t_cookie_string;
}
# --------------------
+ # Signup a user.
+ # If the use_ldap_email config option is on then tries to find email using
+ # ldap. $p_email may be empty, but the user wont get any emails.
+ # returns false if error, the generated cookie string if ok
+ function user_signup( $p_username, $p_email=null ) {
+ if ( ( null === $p_email ) && ( ON == config_get( 'use_ldap_email' ) ) ) {
+ $p_email = ldap_email( $p_username );
+ }
+
+ $t_seed = $p_email.$p_username;
+ # Create random password
+ $t_password = create_random_password( $t_seed );
+
+ return user_create( $p_username, $t_password, $p_email );
+ }
+ # --------------------
# delete an account
# returns true when the account was successfully deleted
function user_delete( $p_user_id ) {
@@ -294,37 +309,84 @@
$t_project_user_list_table = config_get('mantis_project_user_list_table');
if ( !user_get_field( $p_user_id, 'protected' ) ) {
- # Remove account
- $query = "DELETE
- FROM $t_user_table
- WHERE id='$c_user_id'";
- $result = db_query( $query );
- $success = db_affected_rows();
-
- # Remove associated profiles
- $query = "DELETE
- FROM $t_user_profile_table
- WHERE user_id='$c_user_id'";
- $result = db_query( $query );
-
+ # Remove account
+ $query = "DELETE
+ FROM $t_user_table
+ WHERE id='$c_user_id'";
+ db_query( $query );
+
+ # Remove associated profiles
+ $query = "DELETE
+ FROM $t_user_profile_table
+ WHERE user_id='$c_user_id'";
+ db_query( $query );
+
# Remove associated preferences
- $query = "DELETE
- FROM $t_user_pref_table
- WHERE user_id='$c_user_id'";
- $result = db_query( $query );
-
- $query = "DELETE
- FROM $t_project_user_list_table
- WHERE user_id='$c_user_id'";
- $result = db_query( $query );
+ $query = "DELETE
+ FROM $t_user_pref_table
+ WHERE user_id='$c_user_id'";
+ db_query( $query );
- drop_user_info_cache();
+ $query = "DELETE
+ FROM $t_project_user_list_table
+ WHERE user_id='$c_user_id'";
+ db_query( $query );
- return $success;
+ user_clear_cache( $p_user_id );
+
+ return true;
} else {
- return 0;
+ return false;
}
}
+ # --------------------
+ # @@@ unused
+ function user_create_project_prefs( $p_user_id, $p_project_id ) {
+ $c_user_id = db_prepare_int( $p_user_id );
+ $c_project_id = db_prepare_int( $p_project_id );
+
+ $t_user_pref_table = config_get( 'mantis_user_pref_table' );
+
+ $t_default_advanced_report = config_get( 'default_advanced_report');
+ $t_default_advanced_view = config_get( 'default_advanced_view');
+ $t_default_advanced_update = config_get( 'default_advanced_update');
+ $t_default_refresh_delay = config_get( 'default_refresh_delay');
+ $t_default_redirect_delay = config_get( 'default_redirect_delay');
+ $t_default_email_on_new = config_get( 'default_email_on_new');
+ $t_default_email_on_assigned = config_get( 'default_email_on_assigned');
+ $t_default_email_on_feedback = config_get( 'default_email_on_feedback');
+ $t_default_email_on_resolved = config_get( 'default_email_on_resolved');
+ $t_default_email_on_closed = config_get( 'default_email_on_closed');
+ $t_default_email_on_reopened = config_get( 'default_email_on_reopened');
+ $t_default_email_on_bugnote = config_get( 'default_email_on_bugnote');
+ $t_default_email_on_status = config_get( 'default_email_on_status');
+ $t_default_email_on_priority = config_get( 'default_email_on_priority');
+ $t_default_language = config_get( 'default_language');
+
+ $query = "INSERT
+ INTO $t_user_pref_table
+ (id, user_id, project_id,
+ advanced_report, advanced_view, advanced_update,
+ refresh_delay, redirect_delay,
+ email_on_new, email_on_assigned,
+ email_on_feedback, email_on_resolved,
+ email_on_closed, email_on_reopened,
+ email_on_bugnote, email_on_status,
+ email_on_priority, language)
+ VALUES
+ (null, '$c_user_id', '$c_project_id',
+ '$t_default_advanced_report', '$t_default_advanced_view', '$t_default_advanced_update',
+ '$t_default_refresh_delay', '$t_default_redirect_delay',
+ '$t_default_email_on_new', '$t_default_email_on_assigned',
+ '$t_default_email_on_feedback', '$t_default_email_on_resolved',
+ '$t_default_email_on_closed', '$t_default_email_on_reopened',
+ '$t_default_email_on_bugnote', '$t_default_email_on_status',
+ '$t_default_email_on_priority', '$t_default_language')";
+ db_query($query);
+
+ # db_query() errors on failure so:
+ return true;
+ }
#===================================
# Data Access
@@ -333,10 +395,10 @@
# get a user id from a username
# return false if the username does not exist
function user_get_id_by_name( $p_username ) {
- $t_user_table = config_get( 'mantis_user_table' );
-
$c_username = db_prepare_string( $p_username );
+ $t_user_table = config_get( 'mantis_user_table' );
+
$query = "SELECT id
FROM $t_user_table
WHERE username='$c_username'";
@@ -358,7 +420,7 @@
return false;
}
- $row = user_cache_row( $t_user_id );
+ $row = user_get_row( $t_user_id );
return $row;
}
@@ -382,7 +444,7 @@
# --------------------
# return the specified user field for the user id
function user_get_field( $p_user_id, $p_field_name ) {
- $row = user_cache_row( $p_user_id );
+ $row = user_get_row( $p_user_id );
if ( isset( $row[$p_field_name] ) ) {
return $row[$p_field_name];
@@ -401,11 +463,12 @@
}
}
# --------------------
- # returns username
+ # return the username or a string saying "user no longer exists"
+ # if the user does not exist
function user_get_name( $p_user_id ) {
$t_string = lang_get( 'user_no_longer_exists' );
- $row = user_cache_row( $p_user_id, false );
+ $row = user_get_row( $p_user_id, false );
if ( false == $row ) {
return $t_string;
@@ -413,236 +476,115 @@
return $row['username'];
}
}
-
- #===================================
- # Data Modification
- #===================================
-
- # --------------------
- # Update the last_visited field to be NOW()
- function user_update_last_visit( $p_user_id ) {
- $t_user_table = config_get( 'mantis_user_table' );
-
- # @@@ remove this once old user caching is gotten rid of
- drop_user_info_cache();
-
- $c_user_id = db_prepare_int( $p_user_id );
-
- $query = "UPDATE $t_user_table
- SET last_visit=NOW()
- WHERE id='$c_user_id'";
-
- db_query( $query );
-
- user_clear_cache( $p_user_id );
-
- # db_query() errors on failure so:
- return true;
- }
- # --------------------
- # This function is only called from the login.php3 script
- function user_increment_login_count( $p_user_id ) {
- $t_user_table = config_get( 'mantis_user_table' );
-
- $c_user_id = db_prepare_int( $p_user_id );
-
- $query = "UPDATE $t_user_table
- SET login_count=login_count+1
- WHERE id='$c_user_id'";
-
- db_query( $query );
-
- #db_query() errors on failure so:
- return true;
- }
-
-
-
-#########################################
-#
-# Current user functions
-#
-# These functions operate on the current user
-#
-# They should be refactored into functions that take a user
-# with the current functions calling the new ones with the
-# result of auth_get_current_user_id() as the first parameter
-#
-# The naming of these and whether they should be in another api
-# file is also an issue. The best I can think of is:
-#
-# current_user_*() but I'm tempted to leave them in this file
-#
-# maybe they need to be user_current_*() or user_*_current() ??
-#
-##################################
-
- # --------------------
- # Flush user information cache. Should be called when the user information
- # is changed.
- function drop_user_info_cache( ) {
- global $g_current_user_info;
- unset ( $g_current_user_info );
- }
# --------------------
-
- # --------------------
- # @@@ unused
- function user_create_project_prefs( $p_project_id ) {
- $c_project_id = db_prepare_int($p_project_id);
-
- $t_user_pref_table = config_get('mantis_user_pref_table');
-
- $t_user_id = get_current_user_field( 'id' );
- $query = "INSERT
- INTO $t_user_pref_table
- (id, user_id, project_id,
- advanced_report, advanced_view, advanced_update,
- refresh_delay, redirect_delay,
- email_on_new, email_on_assigned,
- email_on_feedback, email_on_resolved,
- email_on_closed, email_on_reopened,
- email_on_bugnote, email_on_status,
- email_on_priority, language)
- VALUES
- (null, '$t_user_id', '$c_project_id',
- '$g_default_advanced_report', '$g_default_advanced_view', '$g_default_advanced_update',
- '$g_default_refresh_delay', '$g_default_redirect_delay',
- '$g_default_email_on_new', '$g_default_email_on_assigned',
- '$g_default_email_on_feedback', '$g_default_email_on_resolved',
- '$g_default_email_on_closed', '$g_default_email_on_reopened',
- '$g_default_email_on_bugnote', '$g_default_email_on_status',
- '$g_default_email_on_priority', '$g_default_language')";
- $result = db_query($query);
- }
- # --------------------
- # grabs the access level of the current user
- # this function accounts for private project and the project user lists
- function get_current_user_access_level() {
- global $g_string_cookie_val;
-
- $t_access_level = get_current_user_field( 'access_level' );
- $t_access_level2 = get_project_access_level();
+ # return the user's access level
+ # account for private project and the project user lists
+ function user_get_access_level( $p_user_id, $p_project_id ) {
+ $t_access_level = user_get_field( $p_user_id, 'access_level' );
if ( $t_access_level >= ADMINISTRATOR ) {
return $t_access_level;
}
- if ( -1 == $t_access_level2 ) {
+ $t_project_access_level = project_get_user_access_level( $p_user_id, $p_project_id );
+
+ if ( false === $t_project_access_level ) {
return $t_access_level;
} else {
- return $t_access_level2;
+ return $t_project_access_level;
}
}
# --------------------
- # retrieve the number of open assigned bugs to a user in a project
- function get_assigned_open_bug_count( $p_project_id, $p_cookie_str ) {
+ # return the number of open assigned bugs to a user in a project
+ function user_get_assigned_open_bug_count( $p_user_id, $p_project_id=0 ) {
+ $c_user_id = db_prepare_int($p_user_id);
$c_project_id = db_prepare_int($p_project_id);
- $c_cookie_str = db_prepare_string($p_cookie_str);
$t_bug_table = config_get('mantis_bug_table');
- $t_user_table = config_get('mantis_user_table');
- $query ="SELECT id ".
- "FROM $t_user_table ".
- "WHERE cookie_string='$c_cookie_str'";
- $result = db_query( $query );
- $t_id = db_result( $result );
-
- if ( '0000000' == helper_get_current_project() ) {
+ if ( 0 == $p_project_id ) {
$t_where_prj = '';
} else {
$t_where_prj = "project_id='$c_project_id' AND";
}
- $t_res = RESOLVED;
- $t_clo = CLOSED;
- $query ="SELECT COUNT(*) ".
- "FROM $t_bug_table ".
- "WHERE $t_where_prj ".
- "status<>'$t_res' AND status<>'$t_clo' AND ".
- "handler_id='$t_id'";
+
+ $t_resolved = RESOLVED;
+ $t_closed = CLOSED;
+
+ $query = "SELECT COUNT(*)
+ FROM $t_bug_table
+ WHERE $t_where_prj
+ status<>'$t_resolved' AND status<>'$t_closed' AND
+ handler_id='$c_user_id'";
$result = db_query( $query );
- return db_result( $result, 0, 0 );
+
+ return db_result( $result );
}
# --------------------
- # retrieve the number of open reported bugs by a user in a project
- function get_reported_open_bug_count( $p_project_id, $p_cookie_str ) {
+ # return the number of open reported bugs by a user in a project
+ function user_get_reported_open_bug_count( $p_user_id, $p_project_id=0 ) {
+ $c_user_id = db_prepare_int($p_user_id);
$c_project_id = db_prepare_int($p_project_id);
- $c_cookie_str = db_prepare_string($p_cookie_str);
$t_bug_table = config_get('mantis_bug_table');
- $t_user_table = config_get('mantis_user_table');
- $query ="SELECT id ".
- "FROM $t_user_table ".
- "WHERE cookie_string='$c_cookie_str'";
- $result = db_query( $query );
- $t_id = db_result( $result );
-
- if ( '0000000' == helper_get_current_project() ) {
+ if ( 0 == $p_project_id ) {
$t_where_prj = '';
} else {
$t_where_prj = "project_id='$c_project_id' AND";
}
- $t_res = RESOLVED;
- $t_clo = CLOSED;
- $query ="SELECT COUNT(*) ".
- "FROM $t_bug_table ".
- "WHERE $t_where_prj ".
- "status<>'$t_res' AND status<>'$t_clo' AND ".
- "reporter_id='$t_id'";
+
+ $t_resolved = RESOLVED;
+ $t_closed = CLOSED;
+
+ $query = "SELECT COUNT(*)
+ FROM $t_bug_table
+ WHERE $t_where_prj
+ status<>'$t_resolved' AND status<>'$t_closed' AND
+ reporter_id='$c_user_id'";
$result = db_query( $query );
- return db_result( $result, 0, 0 );
+
+ return db_result( $result );
}
+
+ #===================================
+ # Data Modification
+ #===================================
+
# --------------------
- # Returns the specified field of the currently logged in user, otherwise 0
- function get_current_user_field( $p_field_name ) {
- global $g_string_cookie_val, $g_current_user_info;
+ # Update the last_visited field to be NOW()
+ function user_update_last_visit( $p_user_id ) {
+ $c_user_id = db_prepare_int( $p_user_id );
+
+ $t_user_table = config_get( 'mantis_user_table' );
- $t_user_table = config_get('mantis_user_table');
+ $query = "UPDATE $t_user_table
+ SET last_visit=NOW()
+ WHERE id='$c_user_id'";
+
+ db_query( $query );
- # if logged in
- if ( isset( $g_string_cookie_val ) ) {
- if ( !isset ( $g_current_user_info[ $p_field_name ] ) ) {
- # get user info
- $query = "SELECT * ".
- "FROM $t_user_table ".
- "WHERE cookie_string='$g_string_cookie_val' ".
- "LIMIT 1";
- $result = db_query( $query );
- $g_current_user_info = db_fetch_array ( $result );
- }
- return $g_current_user_info [ $p_field_name ];
- } else {
- return 0;
- }
+ user_clear_cache( $p_user_id );
+
+ # db_query() errors on failure so:
+ return true;
}
# --------------------
- # Returns the specified field of the currently logged in user, otherwise 0
- function get_current_user_pref_field( $p_field_name ) {
- global $g_string_cookie_val, $g_cache_user_pref;
-
- $t_user_pref_table = config_get('mantis_user_pref_table');
+ # This function is only called from the login.php3 script
+ function user_increment_login_count( $p_user_id ) {
+ $c_user_id = db_prepare_int( $p_user_id );
- # if logged in
- if ( isset( $g_string_cookie_val ) ) {
- $t_id = get_current_user_field( 'id' );
+ $t_user_table = config_get( 'mantis_user_table' );
- if ( !isset( $g_cache_user_pref[$t_id] ) ) {
- # get user info
- $query = "SELECT *
- FROM $t_user_pref_table
- WHERE user_id='$t_id'";
- $result = db_query( $query );
- $row = db_fetch_array( $result );
- if ( false === $row ) {
- return 0;
- }
- $g_cache_user_pref[$t_id] = $row;
- }
- return ( $g_cache_user_pref[$t_id][$p_field_name] );
- } else {
- return 0;
- }
+ $query = "UPDATE $t_user_table
+ SET login_count=login_count+1
+ WHERE id='$c_user_id'";
+
+ db_query( $query );
+
+ user_clear_cache( $p_user_id );
+
+ #db_query() errors on failure so:
+ return true;
}
?>
|