///////////////////////////////////////////////////////////////////////
        protected void Page_Load(Object sender, EventArgs e)
        {
            // Dashboard editor. Access is gated on the Admin role or the per-user
            // "can use reports" flag; anyone else gets a plain-text refusal and the
            // response is ended before any data is loaded.
            Util.do_not_cache(Response);

            Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - "
                + "edit dashboard";

            bool allowed = User.IsInRole(BtnetRoles.Admin) || User.Identity.GetCanUseReports();
            if (!allowed)
            {
                Response.Write("You are not allowed to use this page.");
                Response.End();
            }

            // Session id kept on the page (presumably consumed by the markup — confirm).
            ses = Session.SessionID;

            // Only the current user's dashboard items; the user id is a bound parameter.
            var itemsQuery = new SQLString(@"
select ds_id, ds_col, ds_row, ds_chart_type, rp_desc
from dashboard_items ds
inner join reports on rp_id = ds_report
where ds_user = @user
order by ds_col, ds_row");
            itemsQuery = itemsQuery.AddParameterWithValue("user", Convert.ToString(User.Identity.GetUserId()));

            ds = DbUtil.get_dataset(itemsQuery);
        }
 private string GetSalt(string username)
 {
     // Per-user salt looked up by exact username. The username is a bound
     // parameter, never spliced into the statement text. Returns null when no
     // row matches, because execute_scalar yields null for an empty result.
     var lookup = new SQLString("select us_salt from users where us_username = @username");
     lookup.AddParameterWithValue("@username", username);
     return (string)btnet.DbUtil.execute_scalar(lookup);
 }
 private bool IsValidPassword(string username, string hashedPassword, string resetKey)
 {
     // True when a user row matches all three of: username, the stored password
     // value (the caller passes it already hashed; it is compared directly
     // against us_password) and the outstanding reset key. All three are bound
     // parameters.
     var lookup = new SQLString("select count(*) from users where us_username = @username and us_password = @password and password_reset_key = @resetKey");
     lookup.AddParameterWithValue("@username", username);
     lookup.AddParameterWithValue("@password", hashedPassword);
     lookup.AddParameterWithValue("@resetKey", resetKey);
     int matches = (int)btnet.DbUtil.execute_scalar(lookup);
     return matches > 0;
 }
        public SQLString Append(SQLString toAppend)
        {
            // Concatenate the other fragment's text onto this one and carry its
            // parameters across, so the merged statement stays fully parameterized.
            // Returns this instance to allow chaining.
            _value = _value + toAppend.ToString();
            foreach (var carried in toAppend.GetParameters())
            {
                _parameters.Add(carried);
            }
            return this;
        }
        ///////////////////////////////////////////////////////////////////////
        protected void Page_Load(Object sender, EventArgs e)
        {
            // Add/edit form for a priority. The "id" query parameter selects the
            // row to edit; when absent the page is in "create" mode. Postbacks are
            // delegated to on_update().
            Util.do_not_cache(Response);

            Master.Menu.SelectedItem = "admin";
            Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - "
                + "edit priority";

            msg.InnerText = "";

            string idParam = Request.QueryString["id"];
            id = idParam == null ? 0 : Convert.ToInt32(idParam);

            if (IsPostBack)
            {
                on_update();
                return;
            }

            if (id == 0)
            {
                sub.Value = "Create";
                return;
            }

            sub.Value = "Update";

            // Load the existing row (id bound as a parameter) and fill the form.
            sql = new SQLString(@"select
				pr_name, pr_sort_seq, pr_background_color, isnull(pr_style,'') [pr_style], pr_default
				from priorities where pr_id = @id");
            sql = sql.AddParameterWithValue("id", id);
            DataRow dr = btnet.DbUtil.get_datarow(sql);

            name.Value = (string)dr["pr_name"];
            sort_seq.Value = Convert.ToString((int)dr["pr_sort_seq"]);
            color.Value = (string)dr["pr_background_color"];
            style.Value = (string)dr["pr_style"];
            default_selection.Checked = Convert.ToBoolean((int)dr["pr_default"]);
        }
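 protected void on_backup(Object sender, EventArgs e)
 {
     // Back up the current database into app_data_folder under a timestamped
     // file name, then refresh the file list shown on the page.
     string date = DateTime.Now.ToString("yyyyMMdd_HHmmss");
     string db = (string)btnet.DbUtil.execute_scalar(new SQLString("select db_name()"));
     string backup_file = app_data_folder + "db_backup_" + date + ".bak";

     // The database name is an identifier and cannot be a parameter, so it is
     // bracket-quoted QUOTENAME-style (any ']' doubled). The target path can be
     // bound: T-SQL accepts a variable for TO DISK, which keeps an apostrophe in
     // the folder or name from breaking or altering the statement, as the old
     // string concatenation would have.
     string quotedDb = "[" + db.Replace("]", "]]") + "]";
     var sql = new SQLString("backup database " + quotedDb + " to disk = @backup_file");
     sql = sql.AddParameterWithValue("backup_file", backup_file);
     btnet.DbUtil.execute_nonquery(sql);
     get_files();
 }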
        ///////////////////////////////////////////////////////////////////////
        protected void Page_Load(Object sender, EventArgs e)
        {
            // Confirm/perform deletion of one task on a bug. The "ses" URL token
            // must equal the session cookie (anti-CSRF) and the caller needs full
            // permission on the owning bug; either failure ends the response.
            Util.do_not_cache(Response);

            if (Request.QueryString["ses"] != (string)Session["session_cookie"])
            {
                Response.Write("session in URL doesn't match session cookie");
                Response.End();
            }

            string bugIdText = Util.sanitize_integer(Request["bugid"]);
            int bugid = Convert.ToInt32(bugIdText);

            if (Bug.get_bug_permission_level(bugid, User.Identity) != PermissionLevel.All)
            {
                Response.Write("You are not allowed to edit this item");
                Response.End();
            }

            string taskIdText = Util.sanitize_integer(Request["id"]);
            // Parsed only so a non-numeric id fails here; the queries bind the text form.
            int taskId = Convert.ToInt32(taskIdText);

            if (IsPostBack)
            {
                // Both ids are bound, so a task can only be removed through the bug
                // the caller was just authorized for.
                sql = new SQLString(@"delete bug_tasks where tsk_id = @tsk_id and tsk_bug = @bugid");
                sql = sql.AddParameterWithValue("tsk_id", taskIdText);
                sql = sql.AddParameterWithValue("bugid", bugIdText);
                DbUtil.execute_nonquery(sql);
                Response.Redirect("tasks.aspx?bugid=" + bugIdText);
                return;
            }

            Page.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - "
                + "delete task";

            back_href.HRef = "tasks.aspx?bugid=" + bugIdText;

            sql = new SQLString(@"select tsk_description from bug_tasks where tsk_id = @tsk_id and tsk_bug = @bugid");
            sql = sql.AddParameterWithValue("tsk_id", taskIdText);
            sql = sql.AddParameterWithValue("bugid", bugIdText);

            DataRow dr = DbUtil.get_datarow(sql);

            confirm_href.InnerText = "confirm delete of task: " + Convert.ToString(dr["tsk_description"]);
        }
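        protected void Page_Load(Object sender, EventArgs e)
        {
            // Completes a self-registration: looks up the emailed link by its id,
            // rejects a missing, unknown or expired link, otherwise creates the
            // user from the stored registration data and removes the one-time link.
            Util.set_context(HttpContext.Current);
            Util.do_not_cache(Response);

            string guid = Request["id"];

            // A request without an id cannot match any link; report it like an
            // unknown id instead of failing on a null reference further down.
            if (string.IsNullOrEmpty(guid))
            {
                msg.InnerHtml = "The link you clicked on is expired or invalid.<br>Please start over again.";
                return;
            }

            // Fetch the link and flag whether it is older than the configured
            // expiration; the trailing delete purges links older than 240 minutes.
            SQLString sql = new SQLString(@"
declare @expiration datetime
set @expiration = dateadd(n,-1 * @minutes,getdate())

select *,
	case when el_date < @expiration then 1 else 0 end [expired]
	from emailed_links
	where el_id = @guid

delete from emailed_links
	where el_date < dateadd(n,-240,getdate())");

            sql = sql.AddParameterWithValue("minutes", Util.get_setting("RegistrationExpiration", "20"));
            // @guid is a bound parameter and must receive the value as-is. Doubling
            // apostrophes (as the old code did) changes the bound value rather than
            // escaping anything, and the delete below already binds the raw value.
            sql = sql.AddParameterWithValue("guid", guid);

            DataRow dr = btnet.DbUtil.get_datarow(sql);

            if (dr == null)
            {
                msg.InnerHtml = "The link you clicked on is expired or invalid.<br>Please start over again.";
            }
            else if ((int)dr["expired"] == 1)
            {
                msg.InnerHtml = "The link you clicked has expired.<br>Please start over again.";
            }
            else
            {
                btnet.User.copy_user(
                    (string)dr["el_username"],
                    (string)dr["el_email"],
                    (string)dr["el_firstname"],
                    (string)dr["el_lastname"],
                    "",
                    (int)dr["el_salt"],
                    (string)dr["el_password"],
                    Util.get_setting("SelfRegisteredUserTemplate", "[error - missing user template]"),
                    false);

                // Delete the temp link so it cannot be used a second time.
                sql = new SQLString(@"delete from emailed_links where el_id = @guid");
                sql = sql.AddParameterWithValue("guid", guid);
                btnet.DbUtil.execute_nonquery(sql);

                msg.InnerHtml = "Your registration is complete.";
            }
        }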
        ///////////////////////////////////////////////////////////////////////
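        public static void execute_nonquery_without_logging(SQLString sql)
        {
            // Runs a statement that returns no rows, without the log write that
            // execute_nonquery performs (presumably for statements whose text or
            // values should stay out of the log — confirm with callers).
            // Both the connection and the command are IDisposable; the previous
            // version disposed only the connection.
            using (SqlConnection conn = GetConnection())
            using (SqlCommand cmd = new SqlCommand(sql.ToString(), conn))
            {
                // Values travel as parameter objects on the SQLString, never inlined.
                cmd.Parameters.AddRange(sql.GetParameters().ToArray());
                cmd.ExecuteNonQuery();
                conn.Close(); // redundant, but just to be clear
            }
        }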
        ///////////////////////////////////////////////////////////////////////
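        protected void Page_Load(Object sender, EventArgs e)
        {
            // Confirm/perform deletion of a bug. Requires the Admin role or the
            // "can delete bugs" flag, plus full permission on this specific bug.
            Util.do_not_cache(Response);

            bool allowed = User.IsInRole(BtnetRoles.Admin) || User.Identity.GetCanDeleteBugs();
            if (!allowed)
            {
                Response.Write("You are not allowed to use this page.");
                Response.End();
            }

            string id = Util.sanitize_integer(Request["id"]);
            int bugId = Convert.ToInt32(id);

            int permission_level = Bug.get_bug_permission_level(bugId, User.Identity);
            if (permission_level != PermissionLevel.All)
            {
                Response.Write("You are not allowed to edit this item");
                Response.End();
            }

            if (IsPostBack)
            {
                // Delete the bug whose permission was checked above. The previous
                // code deleted whatever id the posted hidden field row_id carried,
                // which is client-controlled and was never itself permission-checked.
                Bug.delete_bug(bugId);
                Server.Transfer("bugs.aspx");
            }
            else
            {
                Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - "
                    + "delete " + Util.get_setting("SingularBugLabel", "bug");

                back_href.HRef = "edit_bug.aspx?id=" + id;

                sql = new SQLString(@"select bg_short_desc from bugs where bg_id = @bugId");
                sql = sql.AddParameterWithValue("bugId", id);

                DataRow dr = DbUtil.get_datarow(sql);

                confirm_href.InnerText = "confirm delete of "
                        + Util.get_setting("SingularBugLabel", "bug")
                        + ": "
                        + Convert.ToString(dr["bg_short_desc"]);

                // Kept for the form's benefit; the delete above no longer trusts it.
                row_id.Value = id;
            }
        }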
        ///////////////////////////////////////////////////////////////////////
        protected void Page_Load(Object sender, EventArgs e)
        {
            // Confirm/perform deletion of a priority. At confirmation time the
            // delete is refused while any bug still references the priority.
            // NOTE(review): no role check is visible in this block and the in-use
            // check is not repeated on the postback that deletes — confirm both are
            // covered elsewhere (e.g. page-level authorization).
            Util.do_not_cache(Response);

            if (IsPostBack)
            {
                sql = new SQLString(@"delete priorities where pr_id = @prid");
                sql = sql.AddParameterWithValue("prid", Util.sanitize_integer(row_id.Value));
                DbUtil.execute_nonquery(sql);
                Server.Transfer("priorities.aspx");
                return;
            }

            Master.Menu.SelectedItem = "admin";
            Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - "
                + "delete priority";

            string id = Util.sanitize_integer(Request["id"]);

            // One round trip returns the display name and the reference count.
            sql = new SQLString(@"declare @cnt int
			select @cnt = count(1) from bugs where bg_priority = @id
			select pr_name, @cnt [cnt] from priorities where pr_id = @id");
            sql = sql.AddParameterWithValue("id", id);

            DataRow dr = DbUtil.get_datarow(sql);
            string priorityName = Convert.ToString(dr["pr_name"]);

            if ((int)dr["cnt"] > 0)
            {
                Response.Write("You can't delete priority \"" + priorityName + "\" because some bugs still reference it.");
                Response.End();
                return;
            }

            confirm_href.InnerText = "confirm delete of \"" + priorityName + "\"";
            row_id.Value = id;
        }
        ///////////////////////////////////////////////////////////////////////
        protected void Page_Load(Object sender, EventArgs e)
        {
            // Add/edit form for a user-defined-attribute value. The "id" query
            // parameter selects the row to edit; when absent the page is in
            // "create" mode. Postbacks are delegated to on_update().
            Util.do_not_cache(Response);
            Master.Menu.SelectedItem = "admin";
            Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - "
                + "edit user defined attribute value";

            msg.InnerText = "";

            string idParam = Request.QueryString["id"];
            id = idParam == null ? 0 : Convert.ToInt32(idParam);

            if (IsPostBack)
            {
                on_update();
                return;
            }

            if (id == 0)
            {
                sub.Value = "Create";
                return;
            }

            sub.Value = "Update";

            // Load the existing row (id bound as a parameter) and fill the form.
            // The first two columns are read by position, in select-list order.
            sql = new SQLString(@"select udf_name, udf_sort_seq, udf_default from user_defined_attribute where udf_id = @udfid");
            sql = sql.AddParameterWithValue("udfid", Convert.ToString(id));
            DataRow dr = btnet.DbUtil.get_datarow(sql);

            name.Value = (string)dr[0];
            sort_seq.Value = Convert.ToString((int)dr[1]);
            default_selection.Checked = Convert.ToBoolean((int)dr["udf_default"]);
        }
        ///////////////////////////////////////////////////////////////////////
        protected void Page_Load(Object sender, EventArgs e)
        {
            // Confirm/perform deletion of an organization. At confirmation time the
            // delete is refused while any user, query or bug still references it.
            // NOTE(review): no role check is visible in this block and the in-use
            // check is not repeated on the postback that deletes — confirm both are
            // covered elsewhere.
            Util.do_not_cache(Response);

            if (IsPostBack)
            {
                sql = new SQLString(@"delete orgs where og_id = @orgid");
                sql = sql.AddParameterWithValue("orgid", Util.sanitize_integer(row_id.Value));
                DbUtil.execute_nonquery(sql);
                Server.Transfer("orgs.aspx");
                return;
            }

            Page.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - "
                + "delete organization";

            string id = Util.sanitize_integer(Request["id"]);

            // One round trip: the combined reference count across users, queries
            // and bugs, plus the display name.
            sql = new SQLString(@"declare @cnt int
			select @cnt = count(1) from users where us_org = @orgid;
			select @cnt = @cnt + count(1) from queries where qu_org = @orgid;
			select @cnt = @cnt + count(1) from bugs where bg_org = @orgid;
			select og_name, @cnt [cnt] from orgs where og_id = @orgid");
            sql = sql.AddParameterWithValue("orgid", id);

            DataRow dr = DbUtil.get_datarow(sql);
            string orgName = Convert.ToString(dr["og_name"]);

            if ((int)dr["cnt"] > 0)
            {
                Response.Write("You can't delete organization \"" + orgName + "\" because some bugs, users, queries still reference it.");
                Response.End();
                return;
            }

            confirm_href.InnerText = "confirm delete of \"" + orgName + "\"";
            row_id.Value = id;
        }
        protected void Page_Load(Object sender, EventArgs e)
        {
            // Saved-query list. Admins get every query with a visibility column;
            // other users get only the queries they own. The user id is bound.
            Util.do_not_cache(Response);
            Master.Menu.SelectedItem = "queries";
            Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - queries";

            bool isAdmin = User.IsInRole(BtnetRoles.Admin);

            // NOTE(review): the admin statement as shown in this listing looks
            // garbled (a masked run of '******' and no WHERE keyword before the OR
            // terms); it is reproduced unchanged — confirm against the repository.
            SQLString sql = isAdmin
                ? new SQLString(@"select
            qu_id [id],
			qu_desc [query],
			case
				when isnull(qu_user,0) = 0 and isnull(qu_org,0) is null then 'everybody'
				when isnull(qu_user,0) <> 0 then 'user:'******'org:' + og_name
				else ' '
				end [visibility]
			from queries
			left outer join users on qu_user = us_id
			left outer join orgs on qu_org = og_id
			or isnull(qu_user,0) = @us
			or isnull(qu_user,0) = 0
			order by qu_desc")
                : new SQLString(@"select
            qu_id [id],
			qu_desc [query],
            '' [visibility]
			from queries
			inner join users on qu_user = us_id
			where isnull(qu_user,0) = @us
			order by qu_desc");

            sql = sql.AddParameterWithValue("us", User.Identity.GetUserId());
            ds = btnet.DbUtil.get_dataset(sql);
        }
        ///////////////////////////////////////////////////////////////////////
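        public static void execute_nonquery(SQLString sql)
        {
            // Runs a statement that returns no rows. When the LogSqlEnabled setting
            // is "1" (its default) the statement is first written to the log.
            if (Util.get_setting("LogSqlEnabled", "1") == "1")
            {
                Util.write_to_log("sql=\n" + sql);
            }

            // Both the connection and the command are IDisposable; the previous
            // version disposed only the connection.
            using (SqlConnection conn = GetConnection())
            using (SqlCommand cmd = new SqlCommand(sql.ToString(), conn))
            {
                // Values travel as parameter objects on the SQLString, never inlined.
                cmd.Parameters.AddRange(sql.GetParameters().ToArray());
                cmd.ExecuteNonQuery();
                conn.Close(); // redundant, but just to be clear
            }
        }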
        ///////////////////////////////////////////////////////////////////////
        protected void Page_Load(Object sender, EventArgs e)
        {
            // Confirm/perform deletion of a user-defined-attribute value. At
            // confirmation time the delete is refused while any bug references it.
            // NOTE(review): no role check is visible in this block and the in-use
            // check is not repeated on the postback that deletes — confirm both are
            // covered elsewhere.
            Util.do_not_cache(Response);

            if (IsPostBack)
            {
                sql = new SQLString(@"delete user_defined_attribute where udf_id = @udfid");
                sql = sql.AddParameterWithValue("udfid", Util.sanitize_integer(row_id.Value));
                btnet.DbUtil.execute_nonquery(sql);
                Server.Transfer("udfs.aspx");
                return;
            }

            Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - "
                + "delete user defined attribute value";

            string id = Util.sanitize_integer(Request["id"]);

            // One round trip returns the display name and the reference count.
            sql = new SQLString(@"declare @cnt int
			select @cnt = count(1) from bugs where bg_user_defined_attribute = @udfid
			select udf_name, @cnt [cnt] from user_defined_attribute where udf_id = @udfid");
            sql = sql.AddParameterWithValue("udfid", id);

            DataRow dr = btnet.DbUtil.get_datarow(sql);
            string valueName = Convert.ToString(dr["udf_name"]);

            if ((int)dr["cnt"] > 0)
            {
                Response.Write("You can't delete value \"" + valueName + "\" because some bugs still reference it.");
                Response.End();
                return;
            }

            confirm_href.InnerText = "confirm delete of \"" + valueName + "\"";
            row_id.Value = id;
        }
        ///////////////////////////////////////////////////////////////////////
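        public static object execute_scalar(SQLString sql)
        {
            // Runs a statement and returns the first column of its first row
            // (null when there are no rows, per SqlCommand.ExecuteScalar). When the
            // LogSqlEnabled setting is "1" (its default) the statement is first
            // written to the log.
            if (Util.get_setting("LogSqlEnabled", "1") == "1")
            {
                Util.write_to_log("sql=\n" + sql);
            }

            // Both the connection and the command are IDisposable; the previous
            // version disposed only the connection.
            using (SqlConnection conn = GetConnection())
            using (SqlCommand cmd = new SqlCommand(sql.ToString(), conn))
            {
                // Values travel as parameter objects on the SQLString, never inlined.
                cmd.Parameters.AddRange(sql.GetParameters().ToArray());
                object returnValue = cmd.ExecuteScalar();
                conn.Close(); // redundant, but just to be clear
                return returnValue;
            }
        }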
        ///////////////////////////////////////////////////////////////////////
        protected void Page_Load(Object sender, EventArgs e)
        {
            // Confirm/perform deletion of a report together with the dashboard
            // items that reference it. Requires the Admin role or the "can edit
            // reports" flag; otherwise the response is ended with a refusal.
            Util.do_not_cache(Response);

            bool allowed = User.IsInRole(BtnetRoles.Admin) || User.Identity.GetCanEditReports();
            if (!allowed)
            {
                Response.Write("You are not allowed to use this page.");
                Response.End();
            }

            SQLString sql;
            if (IsPostBack)
            {
                sql = new SQLString(@"
delete reports where rp_id = @reportId;
delete dashboard_items where ds_report = @reportId");
                sql = sql.AddParameterWithValue("reportId", Util.sanitize_integer(row_id.Value));
                DbUtil.execute_nonquery(sql);
                Server.Transfer("reports.aspx");
                return;
            }

            Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - "
                + "delete report";

            string id = Util.sanitize_integer(Request["id"]);

            sql = new SQLString(@"select rp_desc from reports where rp_id = @id");
            sql = sql.AddParameterWithValue("id", id);

            DataRow dr = DbUtil.get_datarow(sql);

            confirm_href.InnerText = "confirm delete of report: " + Convert.ToString(dr["rp_desc"]);
            row_id.Value = id;
        }
		public static void threadproc_votes(object obj)
		{
			// Background worker: drops and recreates votes_view, then caches into
			// application state, keyed by bug id, the number of bug_user rows with
			// bu_vote = 1 for each bug. Any exception is logged and swallowed so the
			// worker thread never brings the process down.
			btnet.Util.write_to_log("threadproc_votes");

			try
			{
				var app = (System.Web.HttpApplicationState)obj;

				// "create view" must be the first statement in a batch, so it cannot
				// live in setup.sql; the view is dropped and recreated on every run.
				var dropView = new SQLString(@"
if exists (select * from dbo.sysobjects where id = object_id(N'[votes_view]'))
drop view [votes_view]");
				btnet.DbUtil.execute_nonquery(dropView);

				var createView = new SQLString(@"
create view votes_view as
select bu_bug as vote_bug, sum(bu_vote) as vote_total
from bug_user
group by bu_bug
having sum(bu_vote) > 0");
				btnet.DbUtil.execute_nonquery(createView);

				var countVotes = new SQLString(@"
select bu_bug, count(1)
from bug_user 
where bu_vote = 1
group by bu_bug");
				DataSet votes = btnet.DbUtil.get_dataset(countVotes);

				foreach (DataRow row in votes.Tables[0].Rows)
				{
					app[Convert.ToString(row[0])] = (int)row[1];
				}
			}
			catch (Exception ex)
			{
				btnet.Util.write_to_log("exception in threadproc_votes:" + ex.Message);
			}
		}
        ///////////////////////////////////////////////////////////////////////
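        protected void Page_Load(Object sender, EventArgs e)
        {
            // Removes one user's subscription to one bug and returns to the
            // subscriber list. The "ses" URL token must equal the session cookie
            // (anti-CSRF); on mismatch the response is ended.
            Util.do_not_cache(Response);

            if (Request.QueryString["ses"] != (string)Session["session_cookie"])
            {
                Response.Write("session in URL doesn't match session cookie");
                Response.End();
            }

            string bugId = Util.sanitize_integer(Request["bg_id"]);
            string userId = Util.sanitize_integer(Request["us_id"]);

            // Parameter names must match the @bg_id / @us_id placeholders in the
            // statement. The previous "$bg_id" / "$us_id" names did not, leaving
            // the placeholders unbound; the bare names follow the convention used
            // by the other pages' AddParameterWithValue calls.
            var sql = new SQLString("delete from bug_subscriptions where bs_bug = @bg_id and bs_user = @us_id");
            sql = sql.AddParameterWithValue("bg_id", bugId);
            sql = sql.AddParameterWithValue("us_id", userId);
            DbUtil.execute_nonquery(sql);

            // NOTE(review): nothing here checks that the caller may manage this
            // bug's or this user's subscriptions — confirm it is enforced upstream.
            Response.Redirect("view_subscribers.aspx?id=" + bugId);
        }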
        protected void Page_Load(object sender, EventArgs e)
        {
            // For every user: generate a fresh password-reset key, store it, and
            // mail it to the user's address (empty string when the address is null
            // in the database).
            // NOTE(review): this block shows no authorization or postback check
            // before rotating every user's reset key — confirm it is gated elsewhere.
            var allUsers = new SQLString("select us_id, us_email, us_username from users");
            using (var reader = DbUtil.execute_reader(allUsers, System.Data.CommandBehavior.Default))
            {
                while (reader.Read())
                {
                    int userId = reader.GetInt32(0);
                    string emailAddress = reader.IsDBNull(1) ? "" : reader.GetString(1);
                    string username = reader.GetString(2);
                    string resetKey = Util.GenerateRandomString();

                    // Both values are bound parameters; the update runs on its own
                    // connection while the reader stays open.
                    var update = new SQLString("update users set password_reset_key=@resetKey where us_id = @id");
                    update.AddParameterWithValue("@id", userId);
                    update.AddParameterWithValue("@resetKey", resetKey);
                    DbUtil.execute_nonquery(update);

                    SendMail(emailAddress, resetKey, username);
                }
            }
        }
        protected void Page_Load(Object sender, EventArgs e)
        {
            // Report list, gated on the Admin role or the "can use reports" flag.
            // The [chart] and [data] columns are HTML link fragments assembled in
            // SQL from rp_id (an integer) and fixed text.
            Util.do_not_cache(Response);

            bool allowed = User.IsInRole(BtnetRoles.Admin) || User.Identity.GetCanUseReports();
            if (!allowed)
            {
                Response.Write("You are not allowed to use this page.");
                Response.End();
            }

            Page.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - "
                + "reports";

            // NOTE(review): rp_desc is returned as-is next to raw HTML columns;
            // confirm the grid encodes [report] while rendering [chart]/[data] raw.
            var reportList = new SQLString(@"
select
rp_desc [report],
case
	when rp_chart_type = 'pie' then
		'<a href=''javascript:select_report(""pie"",' + convert(varchar, rp_id) + ')''>select pie</a>'
	when rp_chart_type = 'line' then
		'<a href=''javascript:select_report(""line"",' + convert(varchar, rp_id) + ')''>select line</a>'
	when rp_chart_type = 'bar' then
		'<a href=''javascript:select_report(""bar"",' + convert(varchar, rp_id) + ')''>select bar</a>'
	else
		'&nbsp;' end [chart],
'<a href=''javascript:select_report(""data"",' + convert(varchar, rp_id) + ')''>select data</a>' [data]
from reports order by rp_desc");

            ds = btnet.DbUtil.get_dataset(reportList);
        }
        ///////////////////////////////////////////////////////////////////////
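        /// Deletes a user. Admins may delete any user; other callers may delete only
        /// non-admin users they created themselves. The first (GET) view refuses users
        /// still referenced by bugs or bug posts and shows a confirmation link; the
        /// postback performs the delete and transfers to users.aspx.
        protected void Page_Load(Object sender, EventArgs e)
        {

            Util.do_not_cache(Response);

            // Target user from the request, reduced to digits by sanitize_integer.
            string id = Util.sanitize_integer(Request["id"]);

            if (!User.IsInRole(BtnetRoles.Admin))
            {
                sql = new SQLString(@"select us_created_user, us_admin from users where us_id = @us");
                sql = sql.AddParameterWithValue("us", id);
                DataRow dr = DbUtil.get_datarow(sql);

                // No such user: refuse rather than dereference a null row.
                if (dr == null)
                {
                    Response.Write("User not found.");
                    Response.End();
                }

                if (User.Identity.GetUserId() != (int)dr["us_created_user"])
                {
                    Response.Write("You not allowed to delete this user, because you didn't create it.");
                    Response.End();
                }
                else if ((int)dr["us_admin"] == 1)
                {
                    Response.Write("You not allowed to delete this user, because it is an admin.");
                    Response.End();
                }
            }

            if (IsPostBack)
            {
                // The checks above were made against Request["id"], but the delete used
                // to key off the client-supplied row_id hidden field. Require the two to
                // agree so a caller cannot get one user id authorized and post another.
                // (Assumes the postback keeps "id" in the request, as a Web Forms postback
                // to the same URL does.)
                if (Util.sanitize_integer(row_id.Value) != id)
                {
                    Response.Write("You are not allowed to delete this user.");
                    Response.End();
                }

                // do delete here: the user row plus everything keyed on it
                sql = new SQLString(@"
delete from emailed_links where el_username in (select us_username from users where us_id = @us)
delete users where us_id = @us
delete project_user_xref where pu_user = @us
delete bug_subscriptions where bs_user = @us
delete bug_user where bu_user = @us
delete queries where qu_user = @us
delete queued_notifications where qn_user = @us
delete dashboard_items where ds_user = @us");

                sql = sql.AddParameterWithValue("us", id);
                DbUtil.execute_nonquery(sql);
                Server.Transfer("users.aspx");
            }
            else
            {
                Page.Header.Title= Util.get_setting("AppTitle", "BugTracker.NET") + " - "
                    + "delete user";

                // Count bugs (reported/assigned) or, failing that, bug posts that still
                // reference the user; a referenced user cannot be deleted.
                sql = new SQLString(@"declare @cnt int
select @cnt = count(1) from bugs where bg_reported_user = @us or bg_assigned_to_user = @us
if @cnt = 0
begin
	select @cnt = count(1) from bug_posts where bp_user = @us
end
select us_username, @cnt [cnt] from users where us_id = @us");


                sql = sql.AddParameterWithValue("us", id);

                DataRow dr = DbUtil.get_datarow(sql);

                // No such user: refuse rather than dereference a null row.
                if (dr == null)
                {
                    Response.Write("User not found.");
                    Response.End();
                }

                if ((int)dr["cnt"] > 0)
                {
                    Response.Write("You can't delete user \""
                        + Convert.ToString(dr["us_username"])
                        + "\" because some bugs or bug posts still reference it.");
                    Response.End();
                }
                else
                {

                    confirm_href.InnerText = "confirm delete of \""
                        + Convert.ToString(dr["us_username"])
                        + "\"";

                    // Echoed back on postback and re-checked against Request["id"] above.
                    row_id.Value = id;

                }
            }

        }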
 ///////////////////////////////////////////////////////////////////////
 /// Runs the query through get_dataset and wraps its first result table in a DataView.
 public static DataView get_dataview(SQLString sql)
 {
     var firstTable = get_dataset(sql).Tables[0];
     return new DataView(firstTable);
 }
        ///////////////////////////////////////////////////////////////////////
        // Postback handler of the "send email" page: records the outgoing message as a
        // 'sent' bug_posts row, stamps the bug as updated, sends the mail through
        // Email.send_email and fires the usual update notifications. Reads the form
        // controls (subject, body, from, to, cc, prior, include_bug, return_receipt)
        // and the bg_id hidden field; writes any send error into msg.
        void on_update()
        {

            if (!validate()) return;

            // Insert the post and read back its identity; the bug's last-updated
            // columns are refreshed in the same batch.
            sql = new SQLString(@"
insert into bug_posts
	(bp_bug, bp_user, bp_date, bp_comment, bp_comment_search, bp_email_from, bp_email_to, bp_type, bp_content_type, bp_email_cc)
	values(@id, @us, getdate(), @cm, @cs, @fr,  @to, 'sent', @ct, @cc);
select scope_identity()
update bugs set
	bg_last_updated_user = @us,
	bg_last_updated_date = getdate()
	where bg_id = @id");

            sql = sql.AddParameterWithValue("id", bg_id.Value);
            sql = sql.AddParameterWithValue("us", Convert.ToString(User.Identity.GetUserId()));
            if (User.Identity.GetUseFCKEditor())
            {
                // Rich-text editor: body is HTML, filtered through strip_dangerous_tags
                // before it is stored.
                string adjusted_body = "Subject: " + subject.Value + "<br><br>";
                adjusted_body += btnet.Util.strip_dangerous_tags(body.Value);

                sql = sql.AddParameterWithValue("cm", adjusted_body);
                sql = sql.AddParameterWithValue("cs", adjusted_body);
                sql = sql.AddParameterWithValue("ct", "text/html");
            }
            else
            {
                // Plain-text editor. NOTE(review): the body is HtmlDecoded here and again
                // at the bottom of this method; whether body.Value arrives entity-encoded
                // is not visible from this file — confirm before touching this.
                string adjusted_body = "Subject: " + subject.Value + "\n\n";
                adjusted_body += HttpUtility.HtmlDecode(body.Value);

                sql = sql.AddParameterWithValue("cm", adjusted_body);
                sql = sql.AddParameterWithValue("cs", adjusted_body);
                sql = sql.AddParameterWithValue("ct", "text/plain");
            }
            // NOTE(review): to/cc are user-typed strings passed straight to send_email;
            // header/recipient validation, if any, lives in Email.send_email (not visible here).
            sql = sql.AddParameterWithValue("fr", from.SelectedItem.Value);
            sql = sql.AddParameterWithValue("to", to.Value);
            sql = sql.AddParameterWithValue("cc", cc.Value);

            // scope_identity() of the inserted post; attachments are keyed on it.
            int comment_id = Convert.ToInt32(btnet.DbUtil.execute_scalar(sql));

            int[] attachments = handle_attachments(comment_id);

            string body_text;
            MailFormat format;
            MailPriority priority;

            switch (prior.SelectedItem.Value)
            {
                case "High":
                    priority = MailPriority.High;
                    break;
                case "Low":
                    priority = MailPriority.Low;
                    break;
                default:
                    priority = MailPriority.Normal;
                    break;
            }

            if (include_bug.Checked)
            {

                // white space isn't handled well, I guess.
                if (User.Identity.GetUseFCKEditor())
                {
                    body_text = body.Value;
                    body_text += "<br><br>";
                }
                else
                {
                    // NOTE(review): the plain-text body is promoted to an HTML mail below
                    // with only whitespace rewritten — '<' and '&' in the typed text are
                    // not encoded, so they will be interpreted as markup by the recipient.
                    body_text = body.Value.Replace("\n", "<br>");
                    body_text = body_text.Replace("\t", "&nbsp;&nbsp;&nbsp;&nbsp;");
                    body_text = body_text.Replace("  ", "&nbsp; ");
                }
                // Appending the bug text forces HTML format regardless of editor.
                body_text += "<hr>" + get_bug_text(Convert.ToInt32(bg_id.Value));

                format = MailFormat.Html;
            }
            else
            {
                if (User.Identity.GetUseFCKEditor())
                {
                    body_text = body.Value;
                    format = MailFormat.Html;
                }
                else
                {
                    body_text = HttpUtility.HtmlDecode(body.Value);
                    //body_text = body_text.Replace("\n","\r\n");
                    format = MailFormat.Text;
                }
            }

            // send_email returns "" on success, otherwise an error text shown in msg.
            string result = Email.send_email( // 9 args
                to.Value,
                from.SelectedItem.Value,
                cc.Value,
                subject.Value,
                body_text,
                format,
                priority,
                attachments,
                return_receipt.Checked);

            // Notifications and the news entry are raised whether or not the mail
            // itself went out; the post row already exists at this point.
            btnet.Bug.send_notifications(btnet.Bug.UPDATE, Convert.ToInt32(bg_id.Value), User.Identity);
            btnet.WhatsNew.add_news(Convert.ToInt32(bg_id.Value), short_desc.Value, "email sent", User.Identity);

            if (result == "")
            {
                Response.Redirect("edit_bug.aspx?id=" + bg_id.Value);
            }
            else
            {
                msg.InnerText = result;
            }

        }
        ///////////////////////////////////////////////////////////////////////
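        /// Builds the "send email" page. On first load the form is pre-filled either from
        /// an existing post (bp_id: reply / reply-all / forward / quote) or from a bug
        /// (bg_id); on postback the mail is sent via on_update(). Access is checked per bug
        /// through get_bug_permission_level, and posts hidden from external users are
        /// refused to external users. Missing rows are refused instead of dereferenced.
        public void Page_Load(Object sender, EventArgs e)
        {
            btnet.Util.do_not_cache(Response);
            Page.Header.Title = btnet.Util.get_setting("AppTitle", "BugTracker.NET") + " - "
                + "send email";

            msg.InnerText = "";

            // Request inputs. bp_id / bg_id are reduced to digits before use; "to" is
            // only pre-fill text for the To box and "reply" selects the mode.
            string string_bp_id = Request["bp_id"];
            string string_bg_id = Request["bg_id"];
            string request_to = Request["to"];
            string reply = Request["reply"];

            enable_internal_posts = (Util.get_setting("EnableInternalOnlyPosts", "0") == "1");

            if (!enable_internal_posts)
            {
                include_internal_posts.Visible = false;
                include_internal_posts_label.Visible = false;
            }

            if (!IsPostBack)
            {

                Session["email_addresses"] = null;

                DataRow dr = null;

                if (string_bp_id != null)
                {

                    string_bp_id = btnet.Util.sanitize_integer(string_bp_id);

                    // Fetch the post, its bug, the current user's signature/email and the
                    // project's from-address; child 'file' posts are fetched too for forwarding.
                    sql = new SQLString(@"select
				bp_parent,
                bp_file,
                bp_id,
				bg_id,
				bg_short_desc,
				bp_email_from,
				bp_comment,
				bp_email_from,
				bp_date,
				bp_type,
                bp_content_type,
				bg_project,
                bp_hidden_from_external_users,
				isnull(us_signature,'') [us_signature],
				isnull(pj_pop3_email_from,'') [pj_pop3_email_from],
				isnull(us_email,'') [us_email],
				isnull(us_firstname,'') [us_firstname],
				isnull(us_lastname,'') [us_lastname]				
				from bug_posts
				inner join bugs on bp_bug = bg_id
				inner join users on us_id = @us
				left outer join projects on bg_project = pj_id
				where bp_id = @id
				or (bp_parent = @id and bp_type='file')");

                    sql = sql.AddParameterWithValue("id", string_bp_id);
                    sql = sql.AddParameterWithValue("us", Convert.ToString(User.Identity.GetUserId()));

                    DataView dv = btnet.DbUtil.get_dataview(sql);
                    dr = null;
                    if (dv.Count > 0)
                    {
                        // string_bp_id is digits only (sanitize_integer above), so the
                        // filter expression cannot be broken out of.
                        dv.RowFilter = "bp_id = " + string_bp_id;
                        if (dv.Count > 0)
                        {
                            dr = dv[0].Row;
                        }
                    }

                    // Unknown post id: refuse instead of dereferencing a null row below.
                    if (dr == null)
                    {
                        Response.Write("You are not allowed to view this item");
                        Response.End();
                    }

                    // NOTE(review): this branch only rejects PermissionLevel.None, while the
                    // bg_id branch below also rejects ReadOnly — confirm whether read-only
                    // users are meant to be able to send mail from an existing post.
                    int int_bg_id = (int)dr["bg_id"];
                    int permission_level = btnet.Bug.get_bug_permission_level(int_bg_id, User.Identity);
                    if (permission_level == PermissionLevel.None)
                    {
                        Response.Write("You are not allowed to view this item");
                        Response.End();
                    }

                    if ((int)dr["bp_hidden_from_external_users"] == 1)
                    {
                        if (User.Identity.GetIsExternalUser())
                        {
                            Response.Write("You are not allowed to view this post");
                            Response.End();
                        }
                    }

                    string_bg_id = Convert.ToString(dr["bg_id"]);
                    back_href.HRef = "edit_bug.aspx?id=" + string_bg_id;
                    bg_id.Value = string_bg_id;


                    // Reply goes back to whoever the original post came from.
                    to.Value = dr["bp_email_from"].ToString();


                    // Work around for a mysterious bug:
                    // http://sourceforge.net/tracker/?func=detail&aid=2815733&group_id=66812&atid=515837
                    if (btnet.Util.get_setting("StripDisplayNameFromEmailAddress", "0") == "1")
                    {
                        to.Value = Email.simplify_email_address(to.Value);
                    }

                    load_from_dropdown(dr, true); // list the project's email address first

                    if (reply != null && reply == "all")
                    {
                        // Reply-all: harvest To:/Cc: lines from the first lines of the
                        // stored comment, skipping the address we are sending from.
                        Regex regex = new Regex("\n");
                        string[] lines = regex.Split((string)dr["bp_comment"]);
                        string cc_addrs = "";

                        int max = lines.Length < 5 ? lines.Length : 5;

                        // gather cc addresses, which might include the current user
                        for (int i = 0; i < max; i++)
                        {
                            if (lines[i].StartsWith("To:") || lines[i].StartsWith("Cc:"))
                            {
                                string cc_addr = lines[i].Substring(3, lines[i].Length - 3).Trim();

                                // don't cc yourself

                                if (cc_addr.IndexOf(from.SelectedItem.Value) == -1)
                                {
                                    if (cc_addrs != "")
                                    {
                                        cc_addrs += ",";
                                    }

                                    cc_addrs += cc_addr;
                                }
                            }
                        }

                        cc.Value = cc_addrs;
                    }

                    if (dr["us_signature"].ToString() != "")
                    {
                        if (User.Identity.GetUseFCKEditor())
                        {
                            body.Value += "<br><br><br>";
                            body.Value += dr["us_signature"].ToString().Replace("\r\n", "<br>");
                            body.Value += "<br><br><br>";
                        }
                        else
                        {
                            body.Value += "\n\n\n";
                            body.Value += dr["us_signature"].ToString();
                            body.Value += "\n\n\n";
                        }
                    }


                    if (Request["quote"] != null)
                    {
                        // Quote the original post line by line. In the rich-text editor
                        // '<'/'>' of plain-text posts are entity-encoded; HTML posts are
                        // appended verbatim after a rule.
                        Regex regex = new Regex("\n");
                        string[] lines = regex.Split((string)dr["bp_comment"]);

                        if (dr["bp_type"].ToString() == "received")
                        {
                            if (User.Identity.GetUseFCKEditor())
                            {
                                body.Value += "<br><br><br>";
                                body.Value += "&#62;From: " + dr["bp_email_from"].ToString().Replace("<", "&#60;").Replace(">", "&#62;") + "<br>";
                            }
                            else
                            {
                                body.Value += "\n\n\n";
                                body.Value += ">From: " + dr["bp_email_from"] + "\n";
                            }
                        }

                        bool next_line_is_date = false;
                        for (int i = 0; i < lines.Length; i++)
                        {
                            if (i < 4 && (lines[i].IndexOf("To:") == 0 || lines[i].IndexOf("Cc:") == 0))
                            {
                                next_line_is_date = true;
                                if (User.Identity.GetUseFCKEditor())
                                {
                                    body.Value += "&#62;" + lines[i].Replace("<", "&#60;").Replace(">", "&#62;") + "<br>";
                                }
                                else
                                {
                                    body.Value += ">" + lines[i] + "\n";
                                }
                            }
                            else if (next_line_is_date)
                            {
                                next_line_is_date = false;
                                if (User.Identity.GetUseFCKEditor())
                                {
                                    body.Value += "&#62;Date: " + Convert.ToString(dr["bp_date"]) + "<br>&#62;<br>";
                                }
                                else
                                {
                                    body.Value += ">Date: " + Convert.ToString(dr["bp_date"]) + "\n>\n";
                                }
                            }
                            else
                            {
                                if (User.Identity.GetUseFCKEditor())
                                {
                                    if (Convert.ToString(dr["bp_content_type"]) != "text/html")
                                    {
                                        body.Value += "&#62;" + lines[i].Replace("<", "&#60;").Replace(">", "&#62;") + "<br>";
                                    }
                                    else
                                    {
                                        if (i == 0)
                                        {
                                            body.Value += "<hr>";
                                        }

                                        body.Value += lines[i];
                                    }
                                }
                                else
                                {
                                    body.Value += ">" + lines[i] + "\n";
                                }
                            }
                        }
                    }

                    if (reply == "forward")
                    {
                        to.Value = "";
                        //original attachments
                        //dv.RowFilter = "bp_parent = " + string_bp_id;
                        dv.RowFilter = "bp_type = 'file'";
                        foreach (DataRowView drv in dv)
                        {
                            attachments_label.InnerText = "Select attachments to forward:";
                            lstAttachments.Items.Add(new ListItem(drv["bp_file"].ToString(), drv["bp_id"].ToString()));
                        }

                    }

                }
                else if (string_bg_id != null)
                {

                    string_bg_id = btnet.Util.sanitize_integer(string_bg_id);

                    int permission_level = btnet.Bug.get_bug_permission_level(Convert.ToInt32(string_bg_id), User.Identity);
                    if (permission_level == PermissionLevel.None
                    || permission_level == PermissionLevel.ReadOnly)
                    {
                        Response.Write("You are not allowed to edit this item");
                        Response.End();
                    }

                    sql = new SQLString(@"select
				bg_short_desc,
				bg_project,
				isnull(us_signature,'') [us_signature],
				isnull(us_email,'') [us_email],
				isnull(us_firstname,'') [us_firstname],
				isnull(us_lastname,'') [us_lastname],
				isnull(pj_pop3_email_from,'') [pj_pop3_email_from]
				from bugs
				inner join users on us_id = @us
				left outer join projects on bg_project = pj_id
				where bg_id = @bg");

                    sql = sql.AddParameterWithValue("us", Convert.ToString(User.Identity.GetUserId()));
                    sql = sql.AddParameterWithValue("bg", string_bg_id);

                    dr = btnet.DbUtil.get_datarow(sql);

                    // Unknown bug id: refuse instead of dereferencing a null row.
                    if (dr == null)
                    {
                        Response.Write("You are not allowed to edit this item");
                        Response.End();
                    }

                    load_from_dropdown(dr, false); // list the user's email first, then the project

                    back_href.HRef = "edit_bug.aspx?id=" + string_bg_id;
                    bg_id.Value = string_bg_id;

                    // Optional pre-filled recipient from the request.
                    if (request_to != null)
                    {
                        to.Value = request_to;
                    }

                    // Work around for a mysterious bug:
                    // http://sourceforge.net/tracker/?func=detail&aid=2815733&group_id=66812&atid=515837
                    if (btnet.Util.get_setting("StripDisplayNameFromEmailAddress", "0") == "1")
                    {
                        to.Value = Email.simplify_email_address(to.Value);
                    }

                    if (dr["us_signature"].ToString() != "")
                    {
                        if (User.Identity.GetUseFCKEditor())
                        {
                            body.Value += "<br><br><br>";
                            body.Value += dr["us_signature"].ToString().Replace("\r\n", "<br>");
                        }
                        else
                        {
                            body.Value += "\n\n\n";
                            body.Value += dr["us_signature"].ToString();
                        }
                    }


                }

                // With neither bp_id nor bg_id there is no row to read; previously this
                // dereferenced a null dr. The form is simply left empty in that case.
                if (string_bp_id != null || string_bg_id != null)
                {
                    short_desc.Value = (string)dr["bg_short_desc"];

                    subject.Value = (string)dr["bg_short_desc"]
                        + "  (" + btnet.Util.get_setting("TrackingIdString", "DO NOT EDIT THIS:")
                        + bg_id.Value
                        + ")";

                    // for determining which users to show in "address book"
                    project = (int)dr["bg_project"];

                }
            }
            else
            {
                on_update();
            }
        }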
        ///////////////////////////////////////////////////////////////////////
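        /// Postback handler of the "edit attachment" page: stores the edited comment and
        /// the hidden-from-external-users flag for bug post `id`, notifies subscribers of
        /// bug `bugid` unless the post is internal-only, then redirects to the bug.
        /// When validate() fails, only the message label is set.
        void on_update()
        {

            if (!validate())
            {
                msg.InnerText = "Attachment was not updated.";
                return;
            }

            sql = new SQLString(@"update bug_posts set
			bp_comment = @comment,
			bp_hidden_from_external_users = @internal
			where bp_id = @bugPostId");

            sql = sql.AddParameterWithValue("bugPostId", Convert.ToString(id));
            // The comment is bound as a parameter, so it must not be SQL-escaped by hand:
            // the previous Replace("'", "''") stored "don''t" for "don't".
            sql = sql.AddParameterWithValue("comment", desc.Value);
            sql = sql.AddParameterWithValue("internal", btnet.Util.bool_to_string(internal_only.Checked));

            btnet.DbUtil.execute_nonquery(sql);

            // Internal-only edits are not announced.
            if (!internal_only.Checked)
            {
                btnet.Bug.send_notifications(btnet.Bug.UPDATE, bugid, User.Identity);
            }

            Response.Redirect("edit_bug.aspx?id=" + Convert.ToString(bugid));

        }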
        ///////////////////////////////////////////////////////////////////////
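        /// Loads the "edit attachment" page for bug post `id` of bug `bugid` (both from
        /// the query string). Access requires the edit/delete-posts right (or admin) and
        /// full permission on the bug; the post must also belong to that bug, otherwise a
        /// caller with rights on one bug could edit a post of another by passing a
        /// mismatched bug_id. On postback the edit is saved via on_update().
        protected void Page_Load(Object sender, EventArgs e)
        {

            Master.Menu.SelectedItem = Util.get_setting("PluralBugLabel", "bugs");
            Util.do_not_cache(Response);


            if (!(User.IsInRole(BtnetRoles.Admin) || User.Identity.GetCanEditAndDeletePosts()))
            {
                Response.Write("You are not allowed to use this page.");
                Response.End();
            }


            Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - "
                + "edit attachment";

            msg.InnerText = "";

            // Both ids come straight from the query string. Parse them explicitly so a
            // missing or malformed value is refused here instead of surfacing as an
            // unhandled FormatException from Convert.ToInt32 (or silently becoming 0).
            int requestedPostId;
            int requestedBugId;
            if (!int.TryParse(Request.QueryString["id"], out requestedPostId)
                || !int.TryParse(Request.QueryString["bug_id"], out requestedBugId))
            {
                Response.Write("Invalid id");
                Response.End();
            }
            id = requestedPostId;
            bugid = requestedBugId;

            // Bind the post to the bug it actually belongs to before checking permission
            // on bugid; without this the permission check and the row being edited could
            // refer to different bugs.
            sql = new SQLString(@"select bp_bug from bug_posts where bp_id = @bugPostId");
            sql = sql.AddParameterWithValue("bugPostId", Convert.ToString(id));
            object owningBug = btnet.DbUtil.execute_scalar(sql);
            if (owningBug == null || owningBug == DBNull.Value || Convert.ToInt32(owningBug) != bugid)
            {
                Response.Write("You are not allowed to edit this item");
                Response.End();
            }

            int permission_level = btnet.Bug.get_bug_permission_level(bugid, User.Identity);
            if (permission_level != PermissionLevel.All)
            {
                Response.Write("You are not allowed to edit this item");
                Response.End();
            }


            // The internal-only checkbox is hidden from external users and when the
            // feature is switched off.
            if (User.Identity.GetIsExternalUser() || Util.get_setting("EnableInternalOnlyPosts", "0") == "0")
            {
                internal_only.Visible = false;
                internal_only_label.Visible = false;
            }

            if (!IsPostBack)
            {

                // Get this entry's data from the db and fill in the form

                sql = new SQLString(@"select bp_comment, bp_file, bp_hidden_from_external_users from bug_posts where bp_id = @bugPostId");
                sql = sql.AddParameterWithValue("bugPostId", Convert.ToString(id));
                DataRow dr = btnet.DbUtil.get_datarow(sql);

                // Fill in this form
                desc.Value = (string)dr["bp_comment"];
                filename.InnerText = (string)dr["bp_file"];
                internal_only.Checked = Convert.ToBoolean((int)dr["bp_hidden_from_external_users"]);

            }
            else
            {
                on_update();
            }

        }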
        ///////////////////////////////////////////////////////////////////////
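        /// Deletes a user. Admins may delete any user; other callers may delete only
        /// non-admin users they created themselves. The first (GET) view refuses users
        /// still referenced by bugs or bug posts and shows a confirmation link; the
        /// postback performs the delete and transfers to users.aspx.
        protected void Page_Load(Object sender, EventArgs e)
        {
            Util.do_not_cache(Response);

            // Target user from the request, reduced to digits by sanitize_integer.
            string id = Util.sanitize_integer(Request["id"]);

            if (!User.IsInRole(BtnetRoles.Admin))
            {
                sql = new SQLString(@"select us_created_user, us_admin from users where us_id = @us");
                sql = sql.AddParameterWithValue("us", id);
                DataRow dr = DbUtil.get_datarow(sql);

                // No such user: refuse rather than dereference a null row.
                if (dr == null)
                {
                    Response.Write("User not found.");
                    Response.End();
                }

                if (User.Identity.GetUserId() != (int)dr["us_created_user"])
                {
                    Response.Write("You not allowed to delete this user, because you didn't create it.");
                    Response.End();
                }
                else if ((int)dr["us_admin"] == 1)
                {
                    Response.Write("You not allowed to delete this user, because it is an admin.");
                    Response.End();
                }
            }

            if (IsPostBack)
            {
                // The checks above were made against Request["id"], but the delete used
                // to key off the client-supplied row_id hidden field. Require the two to
                // agree so a caller cannot get one user id authorized and post another.
                // (Assumes the postback keeps "id" in the request, as a Web Forms postback
                // to the same URL does.)
                if (Util.sanitize_integer(row_id.Value) != id)
                {
                    Response.Write("You are not allowed to delete this user.");
                    Response.End();
                }

                // do delete here: the user row plus everything keyed on it
                sql = new SQLString(@"
delete from emailed_links where el_username in (select us_username from users where us_id = @us)
delete users where us_id = @us
delete project_user_xref where pu_user = @us
delete bug_subscriptions where bs_user = @us
delete bug_user where bu_user = @us
delete queries where qu_user = @us
delete queued_notifications where qn_user = @us
delete dashboard_items where ds_user = @us");

                sql = sql.AddParameterWithValue("us", id);
                DbUtil.execute_nonquery(sql);
                Server.Transfer("users.aspx");
            }
            else
            {
                Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - "
                                    + "delete user";

                // Count bugs (reported/assigned) or, failing that, bug posts that still
                // reference the user; a referenced user cannot be deleted.
                sql = new SQLString(@"declare @cnt int
select @cnt = count(1) from bugs where bg_reported_user = @us or bg_assigned_to_user = @us
if @cnt = 0
begin
	select @cnt = count(1) from bug_posts where bp_user = @us
end
select us_username, @cnt [cnt] from users where us_id = @us");


                sql = sql.AddParameterWithValue("us", id);

                DataRow dr = DbUtil.get_datarow(sql);

                // No such user: refuse rather than dereference a null row.
                if (dr == null)
                {
                    Response.Write("User not found.");
                    Response.End();
                }

                if ((int)dr["cnt"] > 0)
                {
                    Response.Write("You can't delete user \""
                                   + Convert.ToString(dr["us_username"])
                                   + "\" because some bugs or bug posts still reference it.");
                    Response.End();
                }
                else
                {
                    confirm_href.InnerText = "confirm delete of \""
                                             + Convert.ToString(dr["us_username"])
                                             + "\"";

                    // Echoed back on postback and re-checked against Request["id"] above.
                    row_id.Value = id;
                }
            }
        }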
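        /// <summary>
        /// Runs the saved query for <paramref name="identity"/> and returns one page of rows
        /// together with the unfiltered and filtered row counts. The batch holds three
        /// statements when filters are present (count, filtered count, page) and two otherwise.
        /// </summary>
        /// <param name="identity">Caller whose project permissions restrict the inner query.</param>
        /// <param name="start">Row offset of the page.</param>
        /// <param name="length">Page size; values of zero or less fall back to MaxLength.</param>
        /// <param name="orderBy">Sort column; must be one of _columnNames (it is emitted as SQL text).</param>
        /// <param name="sortDirection">Passed through to BuildDynamicOrderByClause — presumably validated there, confirm.</param>
        /// <param name="idOnly">Select only the id column when true.</param>
        /// <param name="filters">Optional equality filters; each column is checked against _columnNames.</param>
        /// <exception cref="ArgumentException">orderBy or a filter column is not a known column.</exception>
        public BugQueryResult ExecuteQuery(IIdentity identity, int start, int length, string orderBy, string sortDirection, bool idOnly, BugQueryFilter[] filters = null)
        {
            if (!string.IsNullOrEmpty(orderBy) && !_columnNames.Contains(orderBy))
            {
                // Format explicitly: the (message, paramName) overload does not expand
                // "{0}", so the offending column name was never reported.
                throw new ArgumentException(
                    string.Format("Invalid order by column specified: {0}", orderBy), "orderBy");
            }

            bool hasFilters = filters != null && filters.Any();
            string columnsToSelect = idOnly ? "id" : "*";

            // Permission-restricted inner query, computed once and reused below.
            var innerSql = GetInnerSql(identity);
            var countSql = string.Format("SELECT COUNT(1) FROM ({0}) t", innerSql);

            SQLString sqlString = new SQLString(countSql);
            sqlString.Append(";");

            if (hasFilters)
            {
                sqlString.Append(countSql);
                ApplyWhereClause(sqlString, filters);
                sqlString.Append(";");
            }

            // Page statement: rows whose id is in the filtered, ordered, paged id set.
            var bugsSql = string.Format("SELECT t.{0} FROM ({1}) t", columnsToSelect, innerSql);
            sqlString.Append(bugsSql);

            sqlString.Append(" WHERE id IN (");
            var innerBugsSql = string.Format("SELECT t.id FROM ({0}) t", innerSql);
            sqlString.Append(innerBugsSql);

            ApplyWhereClause(sqlString, filters);

            if (hasFilters)
            {
                // Filter values are bound under the cleaned column name, matching the
                // placeholders ApplyWhereClause emitted.
                foreach (var filter in filters)
                {
                    sqlString.AddParameterWithValue(GetCleanParameterName(filter.Column), filter.Value);
                }
            }

            sqlString.Append(" ORDER BY ");
            sqlString.Append(BuildDynamicOrderByClause(orderBy, sortDirection));
            sqlString.Append(" OFFSET @offset ROWS FETCH NEXT @page_size ROWS ONLY)");

            int userId = identity.GetUserId();
            sqlString.AddParameterWithValue("@ME", userId);
            sqlString.AddParameterWithValue("page_size", length > 0 ? length : MaxLength);
            sqlString.AddParameterWithValue("offset", start);
            DataSet dataSet = DbUtil.get_dataset(sqlString);

            // Result tables: [0] unfiltered count, [1] filtered count (only with filters),
            // and the page itself last.
            var countUnfiltered = Convert.ToInt32(dataSet.Tables[0].Rows[0][0]);
            var countFiltered = hasFilters ? Convert.ToInt32(dataSet.Tables[1].Rows[0][0]) : countUnfiltered;
            var bugDataTableIndex = hasFilters ? 2 : 1;

            return new BugQueryResult
            {
                CountUnfiltered = countUnfiltered,
                CountFiltered = countFiltered,
                Data = dataSet.Tables[bugDataTableIndex]
            };

        }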
 /// Returns the saved query's SQL narrowed to the projects the caller may see.
 private string GetInnerSql(IIdentity identity)
 {
     var restricted = Util.alter_sql_per_project_permissions(new SQLString(_query.SQL), identity);
     return restricted.ToString();
 }
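 /// <summary>
 /// Appends " WHERE [col] = @param AND ..." for the given filters; a no-op when there
 /// are none. Column names are interpolated into SQL text, so each must be present in
 /// _columnNames. Values are not bound here — the caller binds them under
 /// GetCleanParameterName(column).
 /// </summary>
 /// <exception cref="ArgumentException">A filter names a column outside _columnNames.</exception>
 private void ApplyWhereClause(SQLString sqlString, BugQueryFilter[] filters)
 {
     if (filters != null && filters.Any())
     {
         sqlString.Append(" WHERE ");
         List<string> conditions = new List<string>();
         foreach (var filter in filters)
         {
             if (!_columnNames.Contains(filter.Column))
             {
                 // Format explicitly: the (message, paramName) overload does not
                 // expand "{0}", so the bad column name was never reported.
                 throw new ArgumentException(
                     string.Format("Invalid filter column: {0}", filter.Column), "filters");
             }
             string parameterName = GetCleanParameterName(filter.Column);
             conditions.Add(string.Format("[{0}] = @{1}", filter.Column, parameterName));
         }
         // NOTE(review): two filters on the same column yield the same parameter name;
         // confirm AddParameterWithValue tolerates that or reject duplicates upstream.
         sqlString.Append(string.Join(" AND ", conditions));
     }
 }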