public static void Default_CheckDB(HtmlGenericControl msg)
{
// see if the connection string works
try
{
// Intentionally getting an extra connection here so that we fall into the right "catch"
SqlConnection conn = DbUtil.get_sqlconnection();
conn.Close();
try
{
DbUtil.execute_nonquery("select count(1) from users");
}
catch (SqlException e1)
{
Util.write_to_log(e1.Message);
Util.write_to_log(Util.get_setting("ConnectionString", "?"));
msg.InnerHtml = "Unable to find \"bugs\" table.<br>"
+ "Click to <a href=install.aspx>setup database tables</a>";
}
}
catch (SqlException e2)
{
msg.InnerHtml = "Unable to connect.<br>"
+ e2.Message + "<br>"
+ "Check Web.config file \"ConnectionString\" setting.<br>"
+ "Check also README.html<br>"
+ "Check also <a href=http://sourceforge.net/projects/btnet/forums/forum/226938>Help Forum</a> on Sourceforge.";
}
}
///////////////////////////////////////////////////////////////////////
public static void update_most_recent_login_datetime(int us_id)
{
var sql = new SQLString(@"update users set us_most_recent_login_datetime = getdate() where us_id = @us");
sql = sql.AddParameterWithValue("us", Convert.ToString(us_id));
DbUtil.execute_nonquery(sql);
}
///////////////////////////////////////////////////////////////////////
public static void create_session(HttpRequest Request, HttpResponse Response, int userid, string username, string NTLM)
{
// Generate a random session id
// Don't use a regularly incrementing identity
// column because that can be guessed.
string guid = Guid.NewGuid().ToString();
Util.write_to_log("guid=" + guid);
string sql = @"insert into sessions (se_id, se_user) values('$gu', $us)";
sql = sql.Replace("$gu", guid);
sql = sql.Replace("$us", Convert.ToString(userid));
DbUtil.execute_nonquery(sql);
HttpContext.Current.Session[guid] = userid;
string sAppPath = Request.Url.AbsolutePath;
sAppPath = sAppPath.Substring(0, sAppPath.LastIndexOf('/'));
Util.write_to_log("AppPath:" + sAppPath);
Response.Cookies["se_id"].Value = guid;
Response.Cookies["se_id"].Path = sAppPath;
Response.Cookies["user"]["name"] = username;
Response.Cookies["user"]["NTLM"] = NTLM;
Response.Cookies["user"].Path = sAppPath;
DateTime dt = DateTime.Now;
TimeSpan ts = new TimeSpan(365, 0, 0, 0);
Response.Cookies["user"].Expires = dt.Add(ts);
}
///////////////////////////////////////////////////////////////////////
void on_update()
{
Boolean good = validate();
string ct;
if (good)
{
if (id == 0)
{ // insert new
sql = new SQLString(@"insert into reports
(rp_desc, rp_sql, rp_chart_type)
values (@de, @sq, @ct)" );
}
else
{ // edit existing
sql = new SQLString(@"update reports set
rp_desc = @de,
rp_sql = @sq,
rp_chart_type = @ct
where rp_id = @id" );
sql = sql.AddParameterWithValue("@id", Convert.ToString(id));
}
sql = sql.AddParameterWithValue("@de", desc.Value);
sql = sql.AddParameterWithValue("@sq", Server.HtmlDecode(sql_text.Value));
if (pie.Checked)
{
ct = "pie";
}
else if (bar.Checked)
{
ct = "bar";
}
else if (line.Checked)
{
ct = "line";
}
else
{
ct = "table";
}
sql = sql.AddParameterWithValue("@ct", ct);
DbUtil.execute_nonquery(sql);
Server.Transfer("reports.aspx");
}
else
{
if (id == 0)
{ // insert new
msg.InnerText += "Query was not created.";
}
else
{ // edit existing
msg.InnerText += "Query was not updated.";
}
}
}
///////////////////////////////////////////////////////////////////////
public static void update_most_recent_login_datetime(int us_id)
{
string sql = @"update users set us_most_recent_login_datetime = getdate() where us_id = $us";
sql = sql.Replace("$us", Convert.ToString(us_id));
DbUtil.execute_nonquery(sql);
}
///////////////////////////////////////////////////////////////////////
// Send the emails in the queue
protected static void actually_send_the_emails()
{
Util.write_to_log("actually_send_the_emails");
string sql = @"select * from queued_notifications where qn_status = N'not sent' and qn_retries < 3";
// create a new one, just in case there would be multithreading issues...
// get the pending notifications
DataSet ds = DbUtil.get_dataset(sql);
foreach (DataRow dr in ds.Tables[0].Rows)
{
string err = "";
try
{
string to = (string)dr["qn_to"];
Util.write_to_log("sending email to " + to);
// try to send it
err = Email.send_email(
(string)dr["qn_to"],
(string)dr["qn_from"],
"", // cc
(string)dr["qn_subject"],
(string)dr["qn_body"],
BtnetMailFormat.Html);
if (err == "")
{
sql = "delete from queued_notifications where qn_id = $qn_id";
}
}
catch (Exception e)
{
err = e.Message;
if (e.InnerException != null)
{
err += "; ";
err += e.InnerException.Message;
}
}
if (err != "")
{
sql = "update queued_notifications set qn_retries = qn_retries + 1, qn_last_exception = N'$ex' where qn_id = $qn_id";
sql = sql.Replace("$ex", err.Replace("'", "''"));
}
sql = sql.Replace("$qn_id", Convert.ToString(dr["qn_id"]));
// update the row or delete the row
DbUtil.execute_nonquery(sql);
}
}
///////////////////////////////////////////////////////////////////////
public static void apply_post_insert_rules(int bugid)
{
string sql = Util.get_setting("UpdateBugAfterInsertBugAspxSql", "");
if (sql != "")
{
sql = sql.Replace("$BUGID$", Convert.ToString(bugid));
DbUtil.execute_nonquery(sql);
}
}
///////////////////////////////////////////////////////////////////////
protected void Page_Load(Object sender, EventArgs e)
{
Util.do_not_cache(Response);
if (Request.QueryString["ses"] != (string)Session["session_cookie"])
{
Response.Write("session in URL doesn't match session cookie");
Response.End();
}
string string_bugid = Util.sanitize_integer(Request["bugid"]);
int bugid = Convert.ToInt32(string_bugid);
int permission_level = Bug.get_bug_permission_level(bugid, User.Identity);
if (permission_level != PermissionLevel.All)
{
Response.Write("You are not allowed to edit this item");
Response.End();
}
string string_tsk_id = Util.sanitize_integer(Request["id"]);
int tsk_id = Convert.ToInt32(string_tsk_id);
if (IsPostBack)
{
// do delete here
sql = new SQLString(@"delete bug_tasks where tsk_id = @tsk_id and tsk_bug = @bugid");
sql = sql.AddParameterWithValue("tsk_id", string_tsk_id);
sql = sql.AddParameterWithValue("bugid", string_bugid);
DbUtil.execute_nonquery(sql);
Response.Redirect("tasks.aspx?bugid=" + string_bugid);
}
else
{
Page.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - "
+ "delete task";
back_href.HRef = "tasks.aspx?bugid=" + string_bugid;
sql = new SQLString(@"select tsk_description from bug_tasks where tsk_id = @tsk_id and tsk_bug = @bugid");
sql = sql.AddParameterWithValue("tsk_id", string_tsk_id);
sql = sql.AddParameterWithValue("bugid", string_bugid);
DataRow dr = DbUtil.get_datarow(sql);
confirm_href.InnerText = "confirm delete of task: " + Convert.ToString(dr["tsk_description"]);
}
}
///////////////////////////////////////////////////////////////////////
public static void update_user_password(int us_id, string unencypted)
{
Random random = new Random();
int salt = random.Next(10000, 99999);
string encrypted = Util.encrypt_string_using_MD5(unencypted + Convert.ToString(salt));
string sql = "update users set us_password = N'$en', us_salt = $salt where us_id = $id";
sql = sql.Replace("$en", encrypted);
sql = sql.Replace("$salt", Convert.ToString(salt));
sql = sql.Replace("$id", Convert.ToString(us_id));
DbUtil.execute_nonquery(sql);
}
///////////////////////////////////////////////////////////////////////
public static void delete_bug(int bugid)
{
// delete attachements
string id = Convert.ToString(bugid);
string upload_folder = Util.get_upload_folder();
string sql = @"select bp_id, bp_file from bug_posts where bp_type = 'file' and bp_bug = $bg";
sql = sql.Replace("$bg", id);
DataSet ds = DbUtil.get_dataset(sql);
if (upload_folder != null && upload_folder != "")
{
foreach (DataRow dr in ds.Tables[0].Rows)
{
// create path
StringBuilder path = new StringBuilder(upload_folder);
path.Append("\\");
path.Append(id);
path.Append("_");
path.Append(Convert.ToString(dr["bp_id"]));
path.Append("_");
path.Append(Convert.ToString(dr["bp_file"]));
if (System.IO.File.Exists(path.ToString()))
{
System.IO.File.Delete(path.ToString());
}
}
}
// delete the database entries
sql = @"
delete bug_post_attachments from bug_post_attachments inner join bug_posts on bug_post_attachments.bpa_post = bug_posts.bp_id where bug_posts.bp_bug = $bg
delete from bug_posts where bp_bug = $bg
delete from bug_subscriptions where bs_bug = $bg
delete from bug_relationships where re_bug1 = $bg
delete from bug_relationships where re_bug2 = $bg
delete from bug_user where bu_bug = $bg
delete from bug_tasks where tsk_bug = $bg
delete from bugs where bg_id = $bg";
sql = sql.Replace("$bg", id);
DbUtil.execute_nonquery(sql);
}
///////////////////////////////////////////////////////////////////////
protected void Page_Load(Object sender, EventArgs e)
{
Util.do_not_cache(Response);
if (IsPostBack)
{
// do delete here
sql = new SQLString(@"delete priorities where pr_id = @prid");
sql = sql.AddParameterWithValue("prid", Util.sanitize_integer(row_id.Value));
DbUtil.execute_nonquery(sql);
Server.Transfer("priorities.aspx");
}
else
{
Master.Menu.SelectedItem = "admin";
Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - "
+ "delete priority";
string id = Util.sanitize_integer(Request["id"]);
sql = new SQLString(@"declare @cnt int
select @cnt = count(1) from bugs where bg_priority = @id
select pr_name, @cnt [cnt] from priorities where pr_id = @id" );
sql = sql.AddParameterWithValue("id", id);
DataRow dr = DbUtil.get_datarow(sql);
if ((int)dr["cnt"] > 0)
{
Response.Write("You can't delete priority \""
+ Convert.ToString(dr["pr_name"])
+ "\" because some bugs still reference it.");
Response.End();
}
else
{
confirm_href.InnerText = "confirm delete of \""
+ Convert.ToString(dr["pr_name"])
+ "\"";
row_id.Value = id;
}
}
}
///////////////////////////////////////////////////////////////////////
protected void Page_Load(Object sender, EventArgs e)
{
Util.do_not_cache(Response);
if (IsPostBack)
{
// do delete here
sql = new SQLString(@"delete orgs where og_id = @orgid");
sql = sql.AddParameterWithValue("orgid", Util.sanitize_integer(row_id.Value));
DbUtil.execute_nonquery(sql);
Server.Transfer("orgs.aspx");
}
else
{
Page.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - "
+ "delete organization";
string id = Util.sanitize_integer(Request["id"]);
sql = new SQLString(@"declare @cnt int
select @cnt = count(1) from users where us_org = @orgid;
select @cnt = @cnt + count(1) from queries where qu_org = @orgid;
select @cnt = @cnt + count(1) from bugs where bg_org = @orgid;
select og_name, @cnt [cnt] from orgs where og_id = @orgid" );
sql = sql.AddParameterWithValue("orgid", id);
DataRow dr = DbUtil.get_datarow(sql);
if ((int)dr["cnt"] > 0)
{
Response.Write("You can't delete organization \""
+ Convert.ToString(dr["og_name"])
+ "\" because some bugs, users, queries still reference it.");
Response.End();
}
else
{
confirm_href.InnerText = "confirm delete of \""
+ Convert.ToString(dr["og_name"])
+ "\"";
row_id.Value = id;
}
}
}
public static void threadproc_votes(object obj)
{
Util.write_to_log("threadproc_votes");
try
{
System.Web.HttpApplicationState app = (System.Web.HttpApplicationState)obj;
// Because "create view" wants to be the first in a batch, it won't work in setup.sql.
// So let's just run it here every time.
string sql = @"
if exists (select * from dbo.sysobjects where id = object_id(N'[votes_view]'))
drop view [votes_view]";
DbUtil.execute_nonquery(sql);
sql = @"
create view votes_view as
select bu_bug as vote_bug, sum(bu_vote) as vote_total
from bug_user
group by bu_bug
having sum(bu_vote) > 0";
DbUtil.execute_nonquery(sql);
sql = @"
select bu_bug, count(1)
from bug_user
where bu_vote = 1
group by bu_bug";
DataSet ds = DbUtil.get_dataset(sql);
foreach (DataRow dr in ds.Tables[0].Rows)
{
app[Convert.ToString(dr[0])] = (int)dr[1];
}
}
catch (Exception ex)
{
Util.write_to_log("exception in threadproc_votes:" + ex.Message);
}
}
///////////////////////////////////////////////////////////////////////
protected void Page_Load(Object sender, EventArgs e)
{
Util.do_not_cache(Response);
if (User.IsInRole(BtnetRoles.Admin) || User.Identity.GetCanEditReports())
{
//
}
else
{
Response.Write("You are not allowed to use this page.");
Response.End();
}
SQLString sql;
if (IsPostBack)
{
// do delete here
sql = new SQLString(@"
delete reports where rp_id = @reportId;
delete dashboard_items where ds_report = @reportId");
sql = sql.AddParameterWithValue("reportId", Util.sanitize_integer(row_id.Value));
DbUtil.execute_nonquery(sql);
Server.Transfer("reports.aspx");
}
else
{
Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - "
+ "delete report";
string id = Util.sanitize_integer(Request["id"]);
sql = new SQLString(@"select rp_desc from reports where rp_id = @id");
sql = sql.AddParameterWithValue("id", id);
DataRow dr = DbUtil.get_datarow(sql);
confirm_href.InnerText = "confirm delete of report: "
+ Convert.ToString(dr["rp_desc"]);
row_id.Value = id;
}
}
///////////////////////////////////////////////////////////////////////
protected void Page_Load(Object sender, EventArgs e)
{
Util.do_not_cache(Response);
if (Request.QueryString["ses"] != (string)Session["session_cookie"])
{
Response.Write("session in URL doesn't match session cookie");
Response.End();
}
var sql = new SQLString("delete from bug_subscriptions where bs_bug = @bg_id and bs_user = @us_id");
sql = sql.AddParameterWithValue("$bg_id", Util.sanitize_integer(Request["bg_id"]));
sql = sql.AddParameterWithValue("$us_id", Util.sanitize_integer(Request["us_id"]));
DbUtil.execute_nonquery(sql);
Response.Redirect("view_subscribers.aspx?id=" + Util.sanitize_integer(Request["bg_id"]));
}
protected void Page_Load(object sender, EventArgs e)
{
var sql = new SQLString("select us_id, us_email, us_username from users");
using (var reader = DbUtil.execute_reader(sql, System.Data.CommandBehavior.Default))
{
while (reader.Read())
{
var id = reader.GetInt32(0);
var updateQuery = new SQLString("update users set password_reset_key=@resetKey where us_id = @id");
updateQuery.AddParameterWithValue("@id", id);
var resetKey = Util.GenerateRandomString();
updateQuery.AddParameterWithValue("@resetKey", resetKey);
var emailAddress = reader.IsDBNull(1) ? "" : reader.GetString(1);
var username = reader.GetString(2);
DbUtil.execute_nonquery(updateQuery);
SendMail(emailAddress, resetKey, username);
}
}
}
///////////////////////////////////////////////////////////////////////
protected void Page_Load(Object sender, EventArgs e)
{
Util.do_not_cache(Response);
this.Master.Menu.SelectedItem = Util.get_setting("PluralBugLabel", "bugs");
if (User.IsInRole(BtnetRoles.Admin) || User.Identity.GetCanEditAndDeleteBugs())
{
//
}
else
{
Response.Write("You are not allowed to use this page.");
Response.End();
}
string attachment_id_string = Util.sanitize_integer(Request["id"]);
string bug_id_string = Util.sanitize_integer(Request["bug_id"]);
int permission_level = Bug.get_bug_permission_level(Convert.ToInt32(bug_id_string), User.Identity);
if (permission_level != PermissionLevel.All)
{
Response.Write("You are not allowed to edit this item");
Response.End();
}
if (IsPostBack)
{
// save the filename before deleting the row
sql = new SQLString(@"select bp_file from bug_posts where bp_id = @ba");
sql = sql.AddParameterWithValue("ba", attachment_id_string);
string filename = (string)DbUtil.execute_scalar(sql);
// delete the row representing the attachment
sql = new SQLString(@"delete bug_post_attachments where bpa_post = @ba
delete bug_posts where bp_id = @ba");
sql = sql.AddParameterWithValue("ba", attachment_id_string);
DbUtil.execute_nonquery(sql);
// delete the file too
string upload_folder = Util.get_upload_folder();
if (upload_folder != null)
{
StringBuilder path = new StringBuilder(upload_folder);
path.Append("\\");
path.Append(bug_id_string);
path.Append("_");
path.Append(attachment_id_string);
path.Append("_");
path.Append(filename);
if (System.IO.File.Exists(path.ToString()))
{
System.IO.File.Delete(path.ToString());
}
}
Response.Redirect("edit_bug.aspx?id=" + bug_id_string);
}
else
{
Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - "
+ "delete attachment";
back_href.HRef = "edit_bug.aspx?id=" + bug_id_string;
sql = new SQLString(@"select bp_file from bug_posts where bp_id = @id");
sql = sql.AddParameterWithValue("id", attachment_id_string);
DataRow dr = DbUtil.get_datarow(sql);
string s = Convert.ToString(dr["bp_file"]);
confirm_href.InnerText = "confirm delete of attachment: " + s;
row_id.Value = attachment_id_string;
}
}
///////////////////////////////////////////////////////////////////////
void on_update()
{
Boolean good = validate();
if (good)
{
if (tsk_id == 0) // insert new
{
sql = new SQLString(@"
insert into bug_tasks (
tsk_bug,
tsk_created_user,
tsk_created_date,
tsk_last_updated_user,
tsk_last_updated_date,
tsk_assigned_to_user,
tsk_planned_start_date,
tsk_actual_start_date,
tsk_planned_end_date,
tsk_actual_end_date,
tsk_planned_duration,
tsk_actual_duration,
tsk_duration_units,
tsk_percent_complete,
tsk_status,
tsk_sort_sequence,
tsk_description
)
values (
@tsk_bug,
@tsk_created_user,
getdate(),
@tsk_last_updated_user,
getdate(),
@tsk_assigned_to_user,
@tsk_planned_start_date,
@tsk_actual_start_date,
@tsk_planned_end_date,
@tsk_actual_end_date,
@tsk_planned_duration,
@tsk_actual_duration,
@tsk_duration_units,
@tsk_percent_complete,
@tsk_status,
@tsk_sort_sequence,
@tsk_description
);
declare @tsk_id int
select @tsk_id = scope_identity()
insert into bug_posts
(bp_bug, bp_user, bp_date, bp_comment, bp_type)
values(@tsk_bug, @tsk_last_updated_user, getdate(), N'added task ' + convert(varchar, @tsk_id), 'update')");
sql = sql.AddParameterWithValue("tsk_created_user", Convert.ToString(User.Identity.GetUserId()));
}
else // edit existing
{
sql = new SQLString(@"
update bug_tasks set
tsk_last_updated_user = @tsk_last_updated_user,
tsk_last_updated_date = getdate(),
tsk_assigned_to_user = @tsk_assigned_to_user,
tsk_planned_start_date = '@tsk_planned_start_date',
tsk_actual_start_date = '@tsk_actual_start_date',
tsk_planned_end_date = '@tsk_planned_end_date',
tsk_actual_end_date = '@tsk_actual_end_date',
tsk_planned_duration = @tsk_planned_duration,
tsk_actual_duration = @tsk_actual_duration,
tsk_duration_units = @tsk_duration_units,
tsk_percent_complete = @tsk_percent_complete,
tsk_status = @tsk_status,
tsk_sort_sequence = @tsk_sort_sequence,
tsk_description = @tsk_description
where tsk_id = @tsk_id;
insert into bug_posts
(bp_bug, bp_user, bp_date, bp_comment, bp_type)
values(@tsk_bug, @tsk_last_updated_user, getdate(), N'updated task ' + @tsk_id, 'update')");
sql = sql.AddParameterWithValue("tsk_id", Convert.ToString(tsk_id));
}
sql = sql.AddParameterWithValue("tsk_bug", Convert.ToString(bugid));
sql = sql.AddParameterWithValue("tsk_last_updated_user", Convert.ToString(User.Identity.GetUserId()));
sql = sql.AddParameterWithValue("tsk_planned_start_date", format_date_hour_min(
planned_start_date.Value,
planned_start_hour.SelectedItem.Value,
planned_start_min.SelectedItem.Value));
sql = sql.AddParameterWithValue("tsk_actual_start_date", format_date_hour_min(
actual_start_date.Value,
actual_start_hour.SelectedItem.Value,
actual_start_min.SelectedItem.Value));
sql = sql.AddParameterWithValue("tsk_planned_end_date", format_date_hour_min(
planned_end_date.Value,
planned_end_hour.SelectedItem.Value,
planned_end_min.SelectedItem.Value));
sql = sql.AddParameterWithValue("tsk_actual_end_date", format_date_hour_min(
actual_end_date.Value,
actual_end_hour.SelectedItem.Value,
actual_end_min.SelectedItem.Value));
sql = sql.AddParameterWithValue("tsk_planned_duration", format_decimal_for_db(planned_duration.Value));
sql = sql.AddParameterWithValue("tsk_actual_duration", format_decimal_for_db(actual_duration.Value));
sql = sql.AddParameterWithValue("tsk_percent_complete", format_number_for_db(percent_complete.Value));
sql = sql.AddParameterWithValue("tsk_status", status.SelectedItem.Value);
sql = sql.AddParameterWithValue("tsk_sort_sequence", format_number_for_db(sort_sequence.Value));
sql = sql.AddParameterWithValue("tsk_assigned_to_user", assigned_to.SelectedItem.Value);
sql = sql.AddParameterWithValue("tsk_description", desc.Value);
sql = sql.AddParameterWithValue("tsk_duration_units", duration_units.SelectedItem.Value);
DbUtil.execute_nonquery(sql);
Bug.send_notifications(Bug.UPDATE, bugid, User.Identity);
Response.Redirect("tasks.aspx?bugid=" + Convert.ToString(bugid));
}
else
{
if (tsk_id == 0) // insert new
{
msg.InnerText = "Task was not created.";
}
else // edit existing
{
msg.InnerText = "Task was not updated.";
}
}
}
///////////////////////////////////////////////////////////////////////
protected void Page_Load(Object sender, EventArgs e)
{
Master.Menu.SelectedItem = Util.get_setting("PluralBugLabel", "bugs");
Util.do_not_cache(Response);
if (User.IsInRole(BtnetRoles.Admin) || User.Identity.GetCanEditAndDeletePosts())
{
//
}
else
{
Response.Write("You are not allowed to use this page.");
Response.End();
}
if (IsPostBack)
{
// do delete here
sql = new SQLString(@"delete bug_posts where bp_id = @bpid");
sql = sql.AddParameterWithValue("bpid", Util.sanitize_integer(row_id.Value));
DbUtil.execute_nonquery(sql);
Response.Redirect("edit_bug.aspx?id=" + Util.sanitize_integer(redirect_bugid.Value));
}
else
{
string bug_id = Util.sanitize_integer(Request["bug_id"]);
redirect_bugid.Value = bug_id;
int permission_level = Bug.get_bug_permission_level(Convert.ToInt32(bug_id), User.Identity);
if (permission_level != PermissionLevel.All)
{
Response.Write("You are not allowed to edit this item");
Response.End();
}
Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - "
+ "delete comment";
string id = Util.sanitize_integer(Request["id"]);
back_href.HRef = "edit_bug.aspx?id=" + bug_id;
sql = new SQLString(@"select bp_comment from bug_posts where bp_id = @bpid");
sql = sql.AddParameterWithValue("bpid", id);
DataRow dr = DbUtil.get_datarow(sql);
// show the first few chars of the comment
string s = Convert.ToString(dr["bp_comment"]);
int len = 20;
if (s.Length < len)
{
len = s.Length;
}
confirm_href.InnerText = "confirm delete of comment: "
+ s.Substring(0, len)
+ "...";
row_id.Value = id;
}
}
///////////////////////////////////////////////////////////////////////
protected void Page_Load(Object sender, EventArgs e)
{
Util.do_not_cache(Response);
string id = Util.sanitize_integer(Request["id"]);
if (!User.IsInRole(BtnetRoles.Admin))
{
sql = new SQLString(@"select us_created_user, us_admin from users where us_id = @us");
sql = sql.AddParameterWithValue("us", id);
DataRow dr = DbUtil.get_datarow(sql);
if (User.Identity.GetUserId() != (int)dr["us_created_user"])
{
Response.Write("You not allowed to delete this user, because you didn't create it.");
Response.End();
}
else if ((int)dr["us_admin"] == 1)
{
Response.Write("You not allowed to delete this user, because it is an admin.");
Response.End();
}
}
if (IsPostBack)
{
// do delete here
sql = new SQLString(@"
delete from emailed_links where el_username in (select us_username from users where us_id = @us)
delete users where us_id = @us
delete project_user_xref where pu_user = @us
delete bug_subscriptions where bs_user = @us
delete bug_user where bu_user = @us
delete queries where qu_user = @us
delete queued_notifications where qn_user = @us
delete dashboard_items where ds_user = @us");
sql = sql.AddParameterWithValue("us", Util.sanitize_integer(row_id.Value));
DbUtil.execute_nonquery(sql);
Server.Transfer("users.aspx");
}
else
{
Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - "
+ "delete user";
sql = new SQLString(@"declare @cnt int
select @cnt = count(1) from bugs where bg_reported_user = @us or bg_assigned_to_user = @us
if @cnt = 0
begin
select @cnt = count(1) from bug_posts where bp_user = @us
end
select us_username, @cnt [cnt] from users where us_id = @us");
sql = sql.AddParameterWithValue("us", id);
DataRow dr = DbUtil.get_datarow(sql);
if ((int)dr["cnt"] > 0)
{
Response.Write("You can't delete user \""
+ Convert.ToString(dr["us_username"])
+ "\" because some bugs or bug posts still reference it.");
Response.End();
}
else
{
confirm_href.InnerText = "confirm delete of \""
+ Convert.ToString(dr["us_username"])
+ "\"";
row_id.Value = id;
}
}
}
///////////////////////////////////////////////////////////////////////
private static int insert_post_attachment_impl(
Security security,
int bugid,
Stream content,
int content_length,
int copy_bpid,
string file,
string comment,
string content_type,
int parent,
bool hidden_from_external_users,
bool send_notifications)
{
// Note that this method does not perform any security check nor does
// it check that content_length is less than MaxUploadSize.
// These are left up to the caller.
string upload_folder = Util.get_upload_folder();
string sql;
bool store_attachments_in_database = (Util.get_setting("StoreAttachmentsInDatabase", "0") == "1");
string effective_file = file;
int effective_content_length = content_length;
string effective_content_type = content_type;
Stream effective_content = null;
try
{
// Determine the content. We may be instructed to copy an existing
// attachment via copy_bpid, or a Stream may be provided as the content parameter.
if (copy_bpid != -1)
{
BugPostAttachment bpa = get_bug_post_attachment(copy_bpid);
effective_content = bpa.content;
effective_file = bpa.file;
effective_content_length = bpa.content_length;
effective_content_type = bpa.content_type;
}
else
{
effective_content = content;
effective_file = file;
effective_content_length = content_length;
effective_content_type = content_type;
}
// Insert a new post into bug_posts.
sql = @"
declare @now datetime
set @now = getdate()
update bugs
set bg_last_updated_date = @now,
bg_last_updated_user = $us
where bg_id = $bg
insert into bug_posts
(bp_type, bp_bug, bp_file, bp_comment, bp_size, bp_date, bp_user, bp_content_type, bp_parent, bp_hidden_from_external_users)
values ('file', $bg, N'$fi', N'$de', $si, @now, $us, N'$ct', $pa, $internal)
select scope_identity()" ;
sql = sql.Replace("$bg", Convert.ToString(bugid));
sql = sql.Replace("$fi", effective_file.Replace("'", "''"));
sql = sql.Replace("$de", comment.Replace("'", "''"));
sql = sql.Replace("$si", Convert.ToString(effective_content_length));
sql = sql.Replace("$us", Convert.ToString(security.user.usid));
// Sometimes, somehow, content type is null. Not sure how.
sql = sql.Replace("$ct",
effective_content_type != null
? effective_content_type.Replace("'", "''")
: string.Empty);
if (parent == -1)
{
sql = sql.Replace("$pa", "null");
}
else
{
sql = sql.Replace("$pa", Convert.ToString(parent));
}
sql = sql.Replace("$internal", Util.bool_to_string(hidden_from_external_users));
int bp_id = Convert.ToInt32(DbUtil.execute_scalar(sql));
try
{
// Store attachment in bug_post_attachments table.
if (store_attachments_in_database)
{
byte[] data = new byte[effective_content_length];
int bytes_read = 0;
while (bytes_read < effective_content_length)
{
int bytes_read_this_iteration = effective_content.Read(data, bytes_read, effective_content_length - bytes_read);
if (bytes_read_this_iteration == 0)
{
throw new Exception("Unexpectedly reached the end of the stream before all data was read.");
}
bytes_read += bytes_read_this_iteration;
}
sql = @"insert into bug_post_attachments
(bpa_post, bpa_content)
values (@bp, @bc)" ;
using (SqlCommand cmd = new SqlCommand(sql))
{
cmd.Parameters.AddWithValue("@bp", bp_id);
cmd.Parameters.Add("@bc", SqlDbType.Image).Value = data;
cmd.CommandTimeout = Convert.ToInt32(Util.get_setting("SqlCommand.CommandTimeout", "30"));
DbUtil.execute_nonquery(cmd);
}
}
else
{
// Store attachment in UploadFolder.
if (upload_folder == null)
{
throw new Exception("StoreAttachmentsInDatabase is false and UploadFolder is not set in web.config.");
}
// Copy the content Stream to a file in the upload_folder.
byte[] buffer = new byte[16384];
int bytes_read = 0;
using (FileStream fs = new FileStream(upload_folder + "\\" + bugid + "_" + bp_id + "_" + effective_file, FileMode.CreateNew, FileAccess.Write))
{
while (bytes_read < effective_content_length)
{
int bytes_read_this_iteration = effective_content.Read(buffer, 0, buffer.Length);
if (bytes_read_this_iteration == 0)
{
throw new Exception("Unexpectedly reached the end of the stream before all data was read.");
}
fs.Write(buffer, 0, bytes_read_this_iteration);
bytes_read += bytes_read_this_iteration;
}
}
}
}
catch
{
// clean up
sql = @"delete from bug_posts where bp_id = $bp";
sql = sql.Replace("$bp", Convert.ToString(bp_id));
DbUtil.execute_nonquery(sql);
throw;
}
if (send_notifications)
{
Bug.send_notifications(Bug.UPDATE, bugid, security);
}
return(bp_id);
}
finally
{
// If this procedure "owns" the content (instead of our caller owning it), dispose it.
if (effective_content != null && effective_content != content)
{
effective_content.Dispose();
}
}
}
private static object dummy = new object(); // for a lock
///////////////////////////////////////////////////////////////////////
public static void auto_subscribe(int bugid)
{
// clean up bug subscriptions that no longer fit security rules
// subscribe per auto_subscribe
// subscribe project's default user
// subscribe per-project auto_subscribers
// subscribe per auto_subscribe_own_bugs
string sql = @"
declare @pj int
select @pj = bg_project from bugs where bg_id = $id
delete from bug_subscriptions
where bs_bug = $id
and bs_user in
(select x.pu_user
from projects
left outer join project_user_xref x on pu_project = pj_id
where pu_project = @pj
and isnull(pu_permission_level,$dpl) = 0)
delete from bug_subscriptions
where bs_bug = $id
and bs_user in
(select us_id from users
inner join orgs on us_org = og_id
inner join bugs on bg_id = $id
where og_other_orgs_permission_level = 0
and bg_org <> og_id)
insert into bug_subscriptions (bs_bug, bs_user)
select $id, us_id
from users
inner join orgs on us_org = og_id
inner join bugs on bg_id = $id
left outer join project_user_xref on pu_project = @pj and pu_user = us_id
where us_auto_subscribe = 1
and
case
when
us_org <> bg_org
and og_other_orgs_permission_level < 2
and og_other_orgs_permission_level < isnull(pu_permission_level,$dpl)
then og_other_orgs_permission_level
else
isnull(pu_permission_level,$dpl)
end <> 0
and us_active = 1
and us_id not in
(select bs_user from bug_subscriptions
where bs_bug = $id)
insert into bug_subscriptions (bs_bug, bs_user)
select $id, pj_default_user
from projects
inner join users on pj_default_user = us_id
where pj_id = @pj
and pj_default_user <> 0
and pj_auto_subscribe_default_user = 1
and us_active = 1
and pj_default_user not in
(select bs_user from bug_subscriptions
where bs_bug = $id)
insert into bug_subscriptions (bs_bug, bs_user)
select $id, pu_user from project_user_xref
inner join users on pu_user = us_id
inner join orgs on us_org = og_id
inner join bugs on bg_id = $id
where pu_auto_subscribe = 1
and
case
when
us_org <> bg_org
and og_other_orgs_permission_level < 2
and og_other_orgs_permission_level < isnull(pu_permission_level,$dpl)
then og_other_orgs_permission_level
else
isnull(pu_permission_level,$dpl)
end <> 0
and us_active = 1
and pu_project = @pj
and pu_user not in
(select bs_user from bug_subscriptions
where bs_bug = $id)
insert into bug_subscriptions (bs_bug, bs_user)
select $id, us_id
from users
inner join bugs on bg_id = $id
inner join orgs on us_org = og_id
left outer join project_user_xref on pu_project = @pj and pu_user = us_id
where ((us_auto_subscribe_own_bugs = 1 and bg_assigned_to_user = us_id)
or
(us_auto_subscribe_reported_bugs = 1 and bg_reported_user = us_id))
and
case
when
us_org <> bg_org
and og_other_orgs_permission_level < 2
and og_other_orgs_permission_level < isnull(pu_permission_level,$dpl)
then og_other_orgs_permission_level
else
isnull(pu_permission_level,$dpl)
end <> 0
and us_active = 1
and us_id not in
(select bs_user from bug_subscriptions
where bs_bug = $id)";
sql = sql.Replace("$id", Convert.ToString(bugid));
sql = sql.Replace("$dpl", Util.get_setting("DefaultPermissionLevel", "2"));
DbUtil.execute_nonquery(sql);
}
public void set_from_db(DataRow dr)
{
this.usid = Convert.ToInt32(dr["us_id"]);
this.username = (string)dr["us_username"];
this.email = (string)dr["us_email"];
this.bugs_per_page = Convert.ToInt32(dr["us_bugs_per_page"]);
if (Util.get_setting("DisableFCKEditor", "0") == "1")
{
this.use_fckeditor = false;
}
else
{
this.use_fckeditor = Convert.ToBoolean(dr["us_use_fckeditor"]);
}
this.enable_popups = Convert.ToBoolean(dr["us_enable_bug_list_popups"]);
this.external_user = Convert.ToBoolean(dr["og_external_user"]);
this.can_only_see_own_reported = Convert.ToBoolean(dr["og_can_only_see_own_reported"]);
this.can_edit_sql = Convert.ToBoolean(dr["og_can_edit_sql"]);
this.can_delete_bug = Convert.ToBoolean(dr["og_can_delete_bug"]);
this.can_edit_and_delete_posts = Convert.ToBoolean(dr["og_can_edit_and_delete_posts"]);
this.can_merge_bugs = Convert.ToBoolean(dr["og_can_merge_bugs"]);
this.can_mass_edit_bugs = Convert.ToBoolean(dr["og_can_mass_edit_bugs"]);
this.can_use_reports = Convert.ToBoolean(dr["og_can_use_reports"]);
this.can_edit_reports = Convert.ToBoolean(dr["og_can_edit_reports"]);
this.can_be_assigned_to = Convert.ToBoolean(dr["og_can_be_assigned_to"]);
this.can_view_tasks = Convert.ToBoolean(dr["og_can_view_tasks"]);
this.can_edit_tasks = Convert.ToBoolean(dr["og_can_edit_tasks"]);
this.can_search = Convert.ToBoolean(dr["og_can_search"]);
this.can_assign_to_internal_users = Convert.ToBoolean(dr["og_can_assign_to_internal_users"]);
this.other_orgs_permission_level = (int)dr["og_other_orgs_permission_level"];
this.org = (int)dr["og_id"];
this.org_name = (string)dr["og_name"];
this.forced_project = (int)dr["us_forced_project"];
this.category_field_permission_level = (int)dr["og_category_field_permission_level"];
if (Util.get_setting("EnableTags", "0") == "1")
{
this.tags_field_permission_level = (int)dr["og_tags_field_permission_level"];
}
else
{
this.tags_field_permission_level = Security.PERMISSION_NONE;
}
this.priority_field_permission_level = (int)dr["og_priority_field_permission_level"];
this.assigned_to_field_permission_level = (int)dr["og_assigned_to_field_permission_level"];
this.status_field_permission_level = (int)dr["og_status_field_permission_level"];
this.project_field_permission_level = (int)dr["og_project_field_permission_level"];
this.org_field_permission_level = (int)dr["og_org_field_permission_level"];
this.udf_field_permission_level = (int)dr["og_udf_field_permission_level"];
// field permission for custom fields
DataSet ds_custom = Util.get_custom_columns();
foreach (DataRow dr_custom in ds_custom.Tables[0].Rows)
{
string bg_name = (string)dr_custom["name"];
string og_name = "og_"
+ (string)dr_custom["name"]
+ "_field_permission_level";
try
{
object obj = dr[og_name];
if (Convert.IsDBNull(obj))
{
dict_custom_field_permission_level[bg_name] = Security.PERMISSION_ALL;
}
else
{
dict_custom_field_permission_level[bg_name] = (int)dr[og_name];
}
}
catch (Exception ex)
{
Util.write_to_log("exception looking for " + og_name + ":" + ex.Message);
// automatically add it if it's missing
DbUtil.execute_nonquery("alter table orgs add ["
+ og_name
+ "] int null");
dict_custom_field_permission_level[bg_name] = Security.PERMISSION_ALL;
}
}
if (((string)dr["us_firstname"]).Trim().Length == 0)
{
this.fullname = (string)dr["us_lastname"];
}
else
{
this.fullname = (string)dr["us_lastname"] + ", " + (string)dr["us_firstname"];
}
if ((int)dr["us_admin"] == 1)
{
this.is_admin = true;
}
else
{
if ((int)dr["project_admin"] > 0)
{
this.is_project_admin = true;
}
else
{
if (this.username.ToLower() == "guest")
{
this.is_guest = true;
}
}
}
// if user is forced to a specific project, and doesn't have
// at least reporter permission on that project, than user
// can't add bugs
if ((int)dr["us_forced_project"] != 0)
{
if ((int)dr["pu_permission_level"] == Security.PERMISSION_READONLY ||
(int)dr["pu_permission_level"] == Security.PERMISSION_NONE)
{
this.adds_not_allowed = true;
}
}
}
