0byt3m1n1
Path:
/
data
/
applications
/
aps
/
mantis
/
1.1.1-6
/
standard
/
htdocs
/
core
/
[
Home
]
File: user_api.php
<?php # Mantis - a php based bugtracking system # Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org # Copyright (C) 2002 - 2007 Mantis Team - mantisbt-dev@lists.sourceforge.net # Mantis is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 2 of the License, or # (at your option) any later version. # # Mantis is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with Mantis. If not, see <http://www.gnu.org/licenses/>. # -------------------------------------------------------- # $Id: user_api.php,v 1.113.2.3 2007-10-14 22:35:35 giallu Exp $ # -------------------------------------------------------- $t_core_dir = dirname( __FILE__ ).DIRECTORY_SEPARATOR; require_once( $t_core_dir . 'email_api.php' ); require_once( $t_core_dir . 'ldap_api.php' ); ### User API ### #=================================== # Caching #=================================== ######################################### # SECURITY NOTE: cache globals are initialized here to prevent them # being spoofed if register_globals is turned on $g_cache_user = array(); # -------------------- # Cache a user row if necessary and return the cached copy # If the second parameter is true (default), trigger an error # if the user can't be found. If the second parameter is # false, return false if the user can't be found. function user_cache_row( $p_user_id, $p_trigger_errors=true) { global $g_cache_user; $c_user_id = db_prepare_int( $p_user_id ); if ( isset ( $g_cache_user[$c_user_id] ) ) { return $g_cache_user[$c_user_id]; } $t_user_table = config_get( 'mantis_user_table' ); $query = "SELECT * FROM $t_user_table WHERE id='$c_user_id'"; $result = db_query( $query ); if ( 0 == db_num_rows( $result ) ) { $g_cache_user[$c_user_id] = false; if ( $p_trigger_errors ) { trigger_error( ERROR_USER_NOT_FOUND, ERROR ); } return false; } $row = db_fetch_array( $result ); $g_cache_user[$c_user_id] = $row; return $row; } # -------------------- # Clear the user cache (or just the given id if specified) function user_clear_cache( $p_user_id = null ) { global $g_cache_user; if ( null === $p_user_id ) { $g_cache_user = array(); } else { $c_user_id = db_prepare_int( $p_user_id ); unset( $g_cache_user[$c_user_id] ); } return true; } #=================================== # Boolean queries and ensures #=================================== # -------------------- # check to see if user exists by id # return true if it does, false otherwise # # Use user_cache_row() to benefit from caching if called multiple times # and because if the user does exist the data may well be wanted function user_exists( $p_user_id ) { $row = user_cache_row( $p_user_id, false ); if ( false === $row ) { return false; } else { return true; } } # -------------------- # check to see if project exists by id # if it doesn't exist then error # otherwise let execution continue undisturbed function user_ensure_exists( $p_user_id ) { if ( !user_exists( $p_user_id ) ) { trigger_error( ERROR_USER_NOT_FOUND, ERROR ); } } # -------------------- # return true if the username is unique, false if there is already a user # with that username function user_is_name_unique( $p_username ) { $c_username = db_prepare_string( $p_username ); $t_user_table = config_get( 'mantis_user_table' ); $query = "SELECT username FROM $t_user_table WHERE username='$c_username'"; $result = db_query( $query, 1 ); if ( db_num_rows( $result ) > 0 ) { return false; } else { return true; } } # -------------------- # Check if the username is unique and trigger an ERROR if it isn't function user_ensure_name_unique( $p_username ) { if ( !user_is_name_unique( $p_username ) ) { trigger_error( ERROR_USER_NAME_NOT_UNIQUE, ERROR ); } } # -------------------- # Check if the realname is a valid username (does not account for uniqueness) # Return 0 if it is invalid, The number of matches + 1 function user_is_realname_unique( $p_username, $p_realname ) { if ( is_blank( $p_realname ) ) { # don't bother checking if realname is blank return 1; } $c_realname = db_prepare_string( $p_realname ); # allow realname to match username $t_count = 0; if ( $p_realname <> $p_username ) { # check realname does not match an existing username if ( user_get_id_by_name( $p_realname ) ) { return 0; } # check to see if the realname is unique $t_user_table = config_get( 'mantis_user_table' ); $query = "SELECT id FROM $t_user_table WHERE realname='$c_realname'"; $result = db_query( $query ); $t_count = db_num_rows( $result ); if ( $t_count > 0 ) { # set flags for non-unique realnames if ( config_get( 'differentiate_duplicates' ) ) { user_set_field( $t_user_id, 'duplicate_realname', ON ); for ( $i=0 ; $i < $t_count ; $i++ ) { $t_id = db_result( $result, $i ); user_set_field( $t_id, 'duplicate_realname', ON ); } } } } return $t_count + 1; } # -------------------- # Check if the realname is a unique # Trigger an error if the username is not valid function user_ensure_realname_unique( $p_username, $p_realname ) { if ( 1 > user_is_realname_unique( $p_username, $p_realname ) ) { trigger_error( ERROR_USER_REAL_MATCH_USER, ERROR ); } } # -------------------- # Check if the realname is a valid (does not account for uniqueness) # true: valid, false: not valid function user_is_realname_valid( $p_realname ) { return ( !string_contains_scripting_chars( $p_realname ) ); } # -------------------- # Check if the realname is a valid (does not account for uniqueness), if not, trigger an error function user_ensure_realname_valid( $p_realname ) { if ( !user_is_realname_valid( $p_realname ) ) { trigger_error( ERROR_USER_REAL_NAME_INVALID, ERROR ); } } # -------------------- # Check if the username is a valid username (does not account for uniqueness) # realname can match # Return true if it is, false otherwise function user_is_name_valid( $p_username ) { # The DB field is only 32 characters if ( strlen( $p_username ) > 32 ) { return false; } # Only allow a basic set of characters if ( 0 == preg_match( config_get( 'user_login_valid_regex' ), $p_username ) ) { return false; } # We have a valid username return true; } # -------------------- # Check if the username is a valid username (does not account for uniqueness) # Trigger an error if the username is not valid function user_ensure_name_valid( $p_username ) { if ( !user_is_name_valid( $p_username ) ) { trigger_error( ERROR_USER_NAME_INVALID, ERROR ); } } # -------------------- # return whether user is monitoring bug for the user id and bug id function user_is_monitoring_bug( $p_user_id, $p_bug_id ) { $c_user_id = db_prepare_int( $p_user_id ); $c_bug_id = db_prepare_int( $p_bug_id ); $t_bug_monitor_table = config_get( 'mantis_bug_monitor_table' ); $query = "SELECT COUNT(*) FROM $t_bug_monitor_table WHERE user_id='$c_user_id' AND bug_id='$c_bug_id'"; $result = db_query( $query ); if ( 0 == db_result( $result ) ) { return false; } else { return true; } } # -------------------- # return true if the user has access of ADMINISTRATOR or higher, false otherwise function user_is_administrator( $p_user_id ) { $t_access_level = user_get_field( $p_user_id, 'access_level' ); if ( $t_access_level >= ADMINISTRATOR ) { return true; } else { return false; } } # -------------------- # return true is the user account is protected, false otherwise function user_is_protected( $p_user_id ) { if ( ON == user_get_field( $p_user_id, 'protected' ) ) { return true; } else { return false; } } # -------------------- # Trigger an ERROR if the user account is protected function user_ensure_unprotected( $p_user_id ) { if ( user_is_protected( $p_user_id ) ) { trigger_error( ERROR_PROTECTED_ACCOUNT, ERROR ); } } # -------------------- # return true is the user account is enabled, false otherwise function user_is_enabled( $p_user_id ) { if ( ON == user_get_field( $p_user_id, 'enabled' ) ) { return true; } else { return false; } } # -------------------- # count the number of users at or greater than a specific level function user_count_level( $p_level=ANYBODY ) { $t_level = db_prepare_int( $p_level ); $t_user_table = config_get( 'mantis_user_table' ); $query = "SELECT COUNT(id) FROM $t_user_table WHERE access_level>=$t_level"; $result = db_query( $query ); # Get the list of connected users $t_users = db_result( $result ); return $t_users; } # -------------------- # Return an array of user ids that are logged in. # A user is considered logged in if the last visit timestamp is within the # specified session duration. # If the session duration is 0, then no users will be returned. function user_get_logged_in_user_ids( $p_session_duration_in_minutes ) { $t_session_duration_in_minutes = (integer)$p_session_duration_in_minutes; # if session duration is 0, then there is no logged in users. if ( $t_session_duration_in_minutes == 0 ) { return array(); } # Generate timestamp # @@@ The following code may not be portable accross DBMS. $t_last_timestamp_threshold = mktime( date( "H" ), date( "i" ) -1 * $t_session_duration_in_minutes, date("s"), date("m"), date("d"), date("Y") ); $c_last_timestamp_threshold = date( "Y-m-d H:i:s" , $t_last_timestamp_threshold ); $t_user_table = config_get( 'mantis_user_table' ); # Execute query $query = "SELECT id FROM $t_user_table WHERE last_visit > '$c_last_timestamp_threshold'"; $result = db_query( $query, 1 ); # Get the list of connected users $t_users_connected = array(); while ( $row = db_fetch_array( $result ) ) { $t_users_connected[] = $row['id']; } return $t_users_connected; } #=================================== # Creation / Deletion / Updating #=================================== # -------------------- # Create a user. # returns false if error, the generated cookie string if ok function user_create( $p_username, $p_password, $p_email='', $p_access_level=null, $p_protected=false, $p_enabled=true, $p_realname='' ) { if ( null === $p_access_level ) { $p_access_level = config_get( 'default_new_account_access_level'); } $t_password = auth_process_plain_password( $p_password ); $c_username = db_prepare_string( $p_username ); $c_realname = db_prepare_string( $p_realname ); $c_password = db_prepare_string( $t_password ); $c_email = db_prepare_string( $p_email ); $c_access_level = db_prepare_int( $p_access_level ); $c_protected = db_prepare_bool( $p_protected ); $c_enabled = db_prepare_bool( $p_enabled ); user_ensure_name_valid( $p_username ); user_ensure_name_unique( $p_username ); user_ensure_realname_valid( $p_realname ); user_ensure_realname_unique( $p_username, $p_realname ); email_ensure_valid( $p_email ); $t_seed = $p_email . $p_username; $t_cookie_string = auth_generate_unique_cookie_string( $t_seed ); $t_user_table = config_get( 'mantis_user_table' ); $query = "INSERT INTO $t_user_table ( username, email, password, date_created, last_visit, enabled, access_level, login_count, cookie_string, realname ) VALUES ( '$c_username', '$c_email', '$c_password', " . db_now() . "," . db_now() . ", $c_enabled, $c_access_level, 0, '$t_cookie_string', '$c_realname')"; db_query( $query ); # Create preferences for the user $t_user_id = db_insert_id( $t_user_table ); user_pref_set_default( $t_user_id ); # Users are added with protected set to FALSE in order to be able to update # preferences. Now set the real value of protected. if ( $c_protected ) { user_set_field( $t_user_id, 'protected', 1 ); } # Send notification email if ( !is_blank( $p_email ) ) { $t_confirm_hash = auth_generate_confirm_hash( $t_user_id ); email_signup( $t_user_id, $p_password, $t_confirm_hash ); } return $t_cookie_string; } # -------------------- # Signup a user. # If the use_ldap_email config option is on then tries to find email using # ldap. $p_email may be empty, but the user wont get any emails. # returns false if error, the generated cookie string if ok function user_signup( $p_username, $p_email=null ) { if ( null === $p_email ) { $p_email = ''; # @@@ I think the ldap_email stuff is a bit borked # Where is it being set? When is it being used? # Shouldn't we override an email that is passed in here? # If the user doesn't exist in ldap, is the account created? # If so, there password won't get set anywhere... (etc) # RJF: I was going to check for the existence of an LDAP email. # however, since we can't create an LDAP account at the moment, # and we don't know the user password in advance, we may not be able # to retrieve it anyway. # I'll re-enable this once a plan has been properly formulated for LDAP # account management and creation. /* $t_email = ''; if ( ON == config_get( 'use_ldap_email' ) ) { $t_email = ldap_email_from_username( $p_username ); } if ( !is_blank( $t_email ) ) { $p_email = $t_email; } */ } $p_email = trim( $p_email ); $t_seed = $p_email . $p_username; # Create random password $t_password = auth_generate_random_password( $t_seed ); return user_create( $p_username, $t_password, $p_email ); } # -------------------- # delete project-specific user access levels. # returns true when successfully deleted function user_delete_project_specific_access_levels( $p_user_id ) { $c_user_id = db_prepare_int($p_user_id); user_ensure_unprotected( $p_user_id ); $t_project_user_list_table = config_get('mantis_project_user_list_table'); $query = "DELETE FROM $t_project_user_list_table WHERE user_id='$c_user_id'"; db_query( $query ); user_clear_cache( $p_user_id ); return true; } # -------------------- # delete profiles for the specified user # returns true when successfully deleted function user_delete_profiles( $p_user_id ) { $c_user_id = db_prepare_int($p_user_id); user_ensure_unprotected( $p_user_id ); $t_user_profile_table = config_get('mantis_user_profile_table'); # Remove associated profiles $query = "DELETE FROM $t_user_profile_table WHERE user_id='$c_user_id'"; db_query( $query ); user_clear_cache( $p_user_id ); return true; } # -------------------- # delete a user account (account, profiles, preferences, project-specific access levels) # returns true when the account was successfully deleted function user_delete( $p_user_id ) { $c_user_id = db_prepare_int($p_user_id); $t_user_table = config_get('mantis_user_table'); user_ensure_unprotected( $p_user_id ); # Remove associated profiles user_delete_profiles( $p_user_id ); # Remove associated preferences user_pref_delete_all( $p_user_id ); # Remove project specific access levels user_delete_project_specific_access_levels( $p_user_id ); #unset non-unique realname flags if necessary if ( config_get( 'differentiate_duplicates' ) ) { $c_realname = db_prepare_string( user_get_field( $p_user_id, 'realname' ) ); $query = "SELECT id FROM $t_user_table WHERE realname='$c_realname'"; $result = db_query( $query ); $t_count = db_num_rows( $result ); if ( $t_count == 2 ) { # unset flags if there are now only 2 unique names for ( $i=0 ; $i < $t_count ; $i++ ) { $t_user_id = db_result( $result, $i ); user_set_field( $t_user_id, 'duplicate_realname', OFF ); } } } user_clear_cache( $p_user_id ); # Remove account $query = "DELETE FROM $t_user_table WHERE id='$c_user_id'"; db_query( $query ); return true; } #=================================== # Data Access #=================================== # -------------------- # get a user id from a username # return false if the username does not exist function user_get_id_by_name( $p_username ) { $c_username = db_prepare_string( $p_username ); $t_user_table = config_get( 'mantis_user_table' ); $query = "SELECT id FROM $t_user_table WHERE username='$c_username'"; $result = db_query( $query ); if ( 0 == db_num_rows( $result ) ) { return false; } else { return db_result( $result ); } } # -------------------- # return all data associated with a particular user name # return false if the username does not exist function user_get_row_by_name( $p_username ) { $t_user_id = user_get_id_by_name( $p_username ); if ( false === $t_user_id ) { return false; } $row = user_get_row( $t_user_id ); return $row; } # -------------------- # return a user row function user_get_row( $p_user_id ) { return user_cache_row( $p_user_id ); } # -------------------- # return the specified user field for the user id function user_get_field( $p_user_id, $p_field_name ) { if ( NO_USER == $p_user_id ) { trigger_error( 'user_get_field() for NO_USER', WARNING ); return "@null@"; } $row = user_get_row( $p_user_id ); if ( isset( $row[$p_field_name] ) ) { return $row[$p_field_name]; } else { error_parameters( $p_field_name ); trigger_error( ERROR_DB_FIELD_NOT_FOUND, WARNING ); return ''; } } # -------------------- # lookup the user's email in LDAP or the db as appropriate function user_get_email( $p_user_id ) { $t_email = ''; if ( ON == config_get( 'use_ldap_email' ) ) { $t_email = ldap_email( $p_user_id ); } if ( is_blank( $t_email ) ) { $t_email = user_get_field( $p_user_id, 'email' ); } return $t_email; } # -------------------- # lookup the user's realname function user_get_realname( $p_user_id ) { $t_realname = user_get_field( $p_user_id, 'realname' ); return $t_realname; } # -------------------- # return the username or a string "user<id>" if the user does not exist # if show_realname is set, replace the name with a realname (if set) function user_get_name( $p_user_id ) { $row = user_cache_row( $p_user_id, false ); if ( false == $row ) { return lang_get( 'prefix_for_deleted_users' ) . (int)$p_user_id; } else { if ( ON == config_get( 'show_realname' ) ) { if ( is_blank( $row['realname'] ) ) { return $row['username']; } else { if ( isset( $row['duplicate_realname'] ) && ( ON == $row['duplicate_realname'] ) ) { return $row['realname'] . ' (' . $row['username'] . ')'; } else { return $row['realname']; } } } else { return $row['username']; } } } /** * Return the user avatar image URL * in this first implementation, only gravatar.com avatars are supported * @return array|bool an array( URL, width, height ) or false when the given user has no avatar */ function user_get_avatar( $p_user_id ) { $t_email = strtolower( user_get_email( $p_user_id ) ); if ( is_blank( $t_email ) ) { $t_result = false; } else { $t_default_image = config_get( 'default_avatar' ); $t_size = 80; $t_avatar_url = "http://www.gravatar.com/avatar.php?gravatar_id=" . md5( $t_email ) . "&default=" . urlencode( $t_default_image ) . "&size=" . $t_size . "&rating=G"; $t_result = array( $t_avatar_url, $t_size, $t_size ); } return $t_result; } # -------------------- # return the user's access level # account for private project and the project user lists function user_get_access_level( $p_user_id, $p_project_id = ALL_PROJECTS ) { $t_access_level = user_get_field( $p_user_id, 'access_level' ); if ( $t_access_level >= ADMINISTRATOR ) { return $t_access_level; } $t_project_access_level = project_get_local_user_access_level( $p_project_id, $p_user_id ); if ( false === $t_project_access_level ) { return $t_access_level; } else { return $t_project_access_level; } } $g_user_accessible_projects_cache = null; # -------------------- # retun an array of project IDs to which the user has access function user_get_accessible_projects( $p_user_id, $p_show_disabled = false ) { global $g_user_accessible_projects_cache; if ( null !== $g_user_accessible_projects_cache && auth_get_current_user_id() == $p_user_id && false == $p_show_disabled ) { return $g_user_accessible_projects_cache; } if ( access_has_global_level( config_get( 'private_project_threshold' ), $p_user_id ) ) { $t_projects = project_hierarchy_get_subprojects( ALL_PROJECTS, $p_show_disabled ); } else { $c_user_id = db_prepare_int( $p_user_id ); $t_project_table = config_get( 'mantis_project_table' ); $t_project_user_list_table = config_get( 'mantis_project_user_list_table' ); $t_project_hierarchy_table = config_get( 'mantis_project_hierarchy_table' ); $t_public = VS_PUBLIC; $t_private = VS_PRIVATE; $t_enabled_clause = $p_show_disabled ? '' : 'p.enabled = 1 AND'; $query = "SELECT p.id, p.name, ph.parent_id FROM $t_project_table p LEFT JOIN $t_project_user_list_table u ON p.id=u.project_id AND u.user_id=$c_user_id LEFT JOIN $t_project_hierarchy_table ph ON ph.child_id = p.id WHERE $t_enabled_clause ( p.view_state='$t_public' OR (p.view_state='$t_private' AND u.user_id='$c_user_id' ) ) ORDER BY p.name"; $result = db_query( $query ); $row_count = db_num_rows( $result ); $t_projects = array(); for ( $i=0 ; $i < $row_count ; $i++ ) { $row = db_fetch_array( $result ); $t_projects[ $row['id'] ] = ( $row['parent_id'] === NULL ) ? 0 : $row['parent_id']; } # prune out children where the parents are already listed. Make the list # first, then prune to avoid pruning a parent before the child is found. $t_prune = array(); foreach ( $t_projects as $t_id => $t_parent ) { if ( ( $t_parent !== 0 ) && isset( $t_projects[$t_parent] ) ) { $t_prune[] = $t_id; } } foreach ( $t_prune as $t_id ) { unset( $t_projects[$t_id] ); } $t_projects = array_keys( $t_projects ); } if ( auth_get_current_user_id() == $p_user_id ) { $g_user_accessible_projects_cache = $t_projects; } return $t_projects; } $g_user_accessible_subprojects_cache = null; # -------------------- # retun an array of subproject IDs of a certain project to which the user has access function user_get_accessible_subprojects( $p_user_id, $p_project_id, $p_show_disabled = false ) { global $g_user_accessible_subprojects_cache; if ( null !== $g_user_accessible_subprojects_cache && auth_get_current_user_id() == $p_user_id && false == $p_show_disabled ) { if ( isset( $g_user_accessible_subprojects_cache[ $p_project_id ] ) ) { return $g_user_accessible_subprojects_cache[ $p_project_id ]; } else { return Array(); } } $c_user_id = db_prepare_int( $p_user_id ); $c_project_id = db_prepare_int( $p_project_id ); $t_project_table = config_get( 'mantis_project_table' ); $t_project_user_list_table = config_get( 'mantis_project_user_list_table' ); $t_project_hierarchy_table = config_get( 'mantis_project_hierarchy_table' ); $t_enabled_clause = $p_show_disabled ? '' : 'p.enabled = 1 AND'; $t_public = VS_PUBLIC; $t_private = VS_PRIVATE; if ( access_has_global_level( config_get( 'private_project_threshold' ), $p_user_id ) ) { $query = "SELECT DISTINCT p.id, p.name, ph.parent_id FROM $t_project_table p LEFT JOIN $t_project_hierarchy_table ph ON ph.child_id = p.id WHERE $t_enabled_clause ph.parent_id IS NOT NULL ORDER BY p.name"; } else { $query = "SELECT DISTINCT p.id, p.name, ph.parent_id FROM $t_project_table p LEFT JOIN $t_project_user_list_table u ON p.id = u.project_id AND u.user_id='$c_user_id' LEFT JOIN $t_project_hierarchy_table ph ON ph.child_id = p.id WHERE $t_enabled_clause ph.parent_id IS NOT NULL AND ( p.view_state='$t_public' OR (p.view_state='$t_private' AND u.user_id='$c_user_id' ) ) ORDER BY p.name"; } $result = db_query( $query ); $row_count = db_num_rows( $result ); $t_projects = array(); for ( $i=0 ; $i < $row_count ; $i++ ) { $row = db_fetch_array( $result ); if ( !isset( $t_projects[ $row['parent_id'] ] ) ) { $t_projects[ $row['parent_id'] ] = array(); } array_push( $t_projects[ $row['parent_id'] ], $row['id'] ); } if ( auth_get_current_user_id() == $p_user_id ) { $g_user_accessible_subprojects_cache = $t_projects; } if ( !isset( $t_projects[ $p_project_id ] ) ) { $t_projects[ $p_project_id ] = array(); } return $t_projects[ $p_project_id ]; } # -------------------- function user_get_all_accessible_subprojects( $p_user_id, $p_project_id ) { # @@@ (thraxisp) Should all top level projects be a sub-project of ALL_PROJECTS implicitly? # affects how news and some summaries are generated $t_todo = user_get_accessible_subprojects( $p_user_id, $p_project_id ); $t_subprojects = Array(); while ( $t_todo ) { $t_elem = array_shift( $t_todo ); if ( !in_array( $t_elem, $t_subprojects ) ) { array_push( $t_subprojects, $t_elem ); $t_todo = array_merge( $t_todo, user_get_accessible_subprojects( $p_user_id, $t_elem ) ); } } return $t_subprojects; } # -------------------- # return the number of open assigned bugs to a user in a project function user_get_assigned_open_bug_count( $p_user_id, $p_project_id=ALL_PROJECTS ) { $c_user_id = db_prepare_int($p_user_id); $c_project_id = db_prepare_int($p_project_id); $t_bug_table = config_get('mantis_bug_table'); $t_where_prj = helper_project_specific_where( $p_project_id, $p_user_id ) . " AND"; $t_resolved = config_get('bug_resolved_status_threshold'); $query = "SELECT COUNT(*) FROM $t_bug_table WHERE $t_where_prj status<'$t_resolved' AND handler_id='$c_user_id'"; $result = db_query( $query ); return db_result( $result ); } # -------------------- # return the number of open reported bugs by a user in a project function user_get_reported_open_bug_count( $p_user_id, $p_project_id=ALL_PROJECTS ) { $c_user_id = db_prepare_int($p_user_id); $c_project_id = db_prepare_int($p_project_id); $t_bug_table = config_get('mantis_bug_table'); $t_where_prj = helper_project_specific_where( $p_project_id, $p_user_id ) . " AND"; $t_resolved = config_get('bug_resolved_status_threshold'); $query = "SELECT COUNT(*) FROM $t_bug_table WHERE $t_where_prj status<'$t_resolved' AND reporter_id='$c_user_id'"; $result = db_query( $query ); return db_result( $result ); } # -------------------- # return a profile row function user_get_profile_row( $p_user_id, $p_profile_id ) { $c_user_id = db_prepare_int( $p_user_id ); $c_profile_id = db_prepare_int( $p_profile_id ); $t_user_profile_table = config_get( 'mantis_user_profile_table' ); $query = "SELECT * FROM $t_user_profile_table WHERE id='$c_profile_id' AND user_id='$c_user_id'"; $result = db_query( $query ); if ( 0 == db_num_rows( $result ) ) { trigger_error( ERROR_USER_PROFILE_NOT_FOUND, ERROR ); } $row = db_fetch_array( $result ); return $row; } # -------------------- # Get failed login attempts function user_is_login_request_allowed( $p_user_id ) { $t_max_failed_login_count = config_get( 'max_failed_login_count' ); $t_failed_login_count = user_get_field( $p_user_id, 'failed_login_count' ); return ( $t_failed_login_count < $t_max_failed_login_count || OFF == $t_max_failed_login_count); } # -------------------- # Get 'lost password' in progress attempts function user_is_lost_password_request_allowed( $p_user_id ) { if( OFF == config_get( 'lost_password_feature' ) ) { return false; } $t_max_lost_password_in_progress_count = config_get( 'max_lost_password_in_progress_count' ); $t_lost_password_in_progress_count = user_get_field( $p_user_id, 'lost_password_request_count' ); return ( $t_lost_password_in_progress_count < $t_max_lost_password_in_progress_count || OFF == $t_max_lost_password_in_progress_count ); } # -------------------- # return the bug filter parameters for the specified user function user_get_bug_filter( $p_user_id, $p_project_id = null ) { if ( null === $p_project_id ) { $t_project_id = helper_get_current_project(); } else { $t_project_id = $p_project_id; } $t_view_all_cookie_id = filter_db_get_project_current( $t_project_id, $p_user_id ); $t_view_all_cookie = filter_db_get_filter( $t_view_all_cookie_id, $p_user_id ); $t_cookie_detail = explode( '#', $t_view_all_cookie, 2 ); if ( !isset( $t_cookie_detail[1] ) ) { return false; } $t_filter = unserialize( $t_cookie_detail[1] ); $t_filter = filter_ensure_valid_filter( $t_filter ); return $t_filter; } #=================================== # Data Modification #=================================== # -------------------- # Update the last_visited field to be now function user_update_last_visit( $p_user_id ) { $c_user_id = db_prepare_int( $p_user_id ); $t_user_table = config_get( 'mantis_user_table' ); $query = "UPDATE $t_user_table SET last_visit= " . db_now() . " WHERE id='$c_user_id'"; db_query( $query ); user_clear_cache( $p_user_id ); # db_query() errors on failure so: return true; } # -------------------- # Increment the number of times the user has logegd in # This function is only called from the login.php script function user_increment_login_count( $p_user_id ) { $c_user_id = db_prepare_int( $p_user_id ); $t_user_table = config_get( 'mantis_user_table' ); $query = "UPDATE $t_user_table SET login_count=login_count+1 WHERE id='$c_user_id'"; db_query( $query ); user_clear_cache( $p_user_id ); #db_query() errors on failure so: return true; } # -------------------- # Reset to zero the failed login attempts function user_reset_failed_login_count_to_zero( $p_user_id ) { $c_user_id = db_prepare_int( $p_user_id ); $t_user_table = config_get( 'mantis_user_table' ); $query = "UPDATE $t_user_table SET failed_login_count=0 WHERE id='$c_user_id'"; db_query( $query ); user_clear_cache( $p_user_id ); return true; } # -------------------- # Increment the failed login count by 1 function user_increment_failed_login_count( $p_user_id ) { $c_user_id = db_prepare_int( $p_user_id ); $t_user_table = config_get( 'mantis_user_table' ); $query = "UPDATE $t_user_table SET failed_login_count=failed_login_count+1 WHERE id='$c_user_id'"; db_query( $query ); user_clear_cache( $p_user_id ); return true; } # -------------------- # Reset to zero the 'lost password' in progress attempts function user_reset_lost_password_in_progress_count_to_zero( $p_user_id ) { $c_user_id = db_prepare_int( $p_user_id ); $t_user_table = config_get( 'mantis_user_table' ); $query = "UPDATE $t_user_table SET lost_password_request_count=0 WHERE id='$c_user_id'"; db_query( $query ); user_clear_cache( $p_user_id ); return true; } # -------------------- # Increment the failed login count by 1 function user_increment_lost_password_in_progress_count( $p_user_id ) { $c_user_id = db_prepare_int( $p_user_id ); $t_user_table = config_get( 'mantis_user_table' ); $query = "UPDATE $t_user_table SET lost_password_request_count=lost_password_request_count+1 WHERE id='$c_user_id'"; db_query( $query ); user_clear_cache( $p_user_id ); return true; } # -------------------- # Set a user field function user_set_field( $p_user_id, $p_field_name, $p_field_value ) { $c_user_id = db_prepare_int( $p_user_id ); $c_field_name = db_prepare_string( $p_field_name ); $c_field_value = db_prepare_string( $p_field_value ); if ( $p_field_name != "protected" ) { user_ensure_unprotected( $p_user_id ); } $t_user_table = config_get( 'mantis_user_table' ); $query = "UPDATE $t_user_table SET $c_field_name='$c_field_value' WHERE id='$c_user_id'"; db_query( $query ); user_clear_cache( $p_user_id ); #db_query() errors on failure so: return true; } # -------------------- # Set the user's default project function user_set_default_project( $p_user_id, $p_project_id ) { return user_pref_set_pref( $p_user_id, 'default_project', (int)$p_project_id ); } # -------------------- # Set the user's password to the given string, encoded as appropriate function user_set_password( $p_user_id, $p_password, $p_allow_protected=false ) { if ( !$p_allow_protected ) { user_ensure_unprotected( $p_user_id ); } $t_email = user_get_field( $p_user_id, 'email' ); $t_username = user_get_field( $p_user_id, 'username' ); # When the password is changed, invalidate the cookie to expire sessions that # may be active on all browsers. $t_seed = $t_email . $t_username; $c_cookie_string = db_prepare_string( auth_generate_unique_cookie_string( $t_seed ) ); $c_user_id = db_prepare_int( $p_user_id ); $c_password = db_prepare_string( auth_process_plain_password( $p_password ) ); $c_user_table = config_get( 'mantis_user_table' ); $query = "UPDATE $c_user_table SET password='$c_password', cookie_string='$c_cookie_string' WHERE id='$c_user_id'"; db_query( $query ); #db_query() errors on failure so: return true; } # -------------------- # Set the user's email to the given string after checking that it is a valid email function user_set_email( $p_user_id, $p_email ) { email_ensure_valid( $p_email ); return user_set_field( $p_user_id, 'email', $p_email ); } # -------------------- # Set the user's realname to the given string after checking validity function user_set_realname( $p_user_id, $p_realname ) { # @@@ TODO: ensure_realname_valid( $p_realname ); return user_set_field( $p_user_id, 'realname', $p_realname ); } # -------------------- # Set the user's username to the given string after checking that it is valid function user_set_name( $p_user_id, $p_username ) { user_ensure_name_valid( $p_username ); user_ensure_name_unique( $p_username ); return user_set_field( $p_user_id, 'username', $p_username ); } # -------------------- # Reset the user's password # Take into account the 'send_reset_password' setting # - if it is ON, generate a random password and send an email # (unless the second parameter is false) # - if it is OFF, set the password to blank # Return false if the user is protected, true if the password was # successfully reset function user_reset_password( $p_user_id, $p_send_email=true ) { $t_protected = user_get_field( $p_user_id, 'protected' ); # Go with random password and email it to the user if ( ON == $t_protected ) { return false; } # @@@ do we want to force blank password instead of random if # email notifications are turned off? # How would we indicate that we had done this with a return value? # Should we just have two functions? (user_reset_password_random() # and user_reset_password() )? if ( ( ON == config_get( 'send_reset_password' ) ) && ( ON == config_get( 'enable_email_notification' ) ) ) { # Create random password $t_email = user_get_field( $p_user_id, 'email' ); $t_password = auth_generate_random_password( $t_email ); $t_password2 = auth_process_plain_password( $t_password ); user_set_field( $p_user_id, 'password', $t_password2 ); # Send notification email if ( $p_send_email ) { $t_confirm_hash = auth_generate_confirm_hash( $p_user_id ); email_send_confirm_hash_url( $p_user_id, $t_confirm_hash ); } } else { # use blank password, no emailing $t_password = auth_process_plain_password( '' ); user_set_field( $p_user_id, 'password', $t_password ); # reset the failed login count because in this mode there is no emailing user_reset_failed_login_count_to_zero( $p_user_id ); } return true; } ?>