Esempio n. 1
0
        ///////////////////////////////////////////////////////////////////////
        /// <summary>
        /// Returns the effective permission level the given user has on one bug:
        /// the project/user level from project_user_xref (or the configured
        /// default when no xref row exists), possibly capped for cross-org access.
        /// </summary>
        /// <param name="bugid">Id of the bug (bg_id).</param>
        /// <param name="security">Current user context; usid, org and
        /// other_orgs_permission_level are read from it.</param>
        /// <returns>One of the Security.PERMISSION_* values; PERMISSION_NONE when
        /// the bug does not exist.</returns>
        public static int get_bug_permission_level(int bugid, Security security)
        {
            // Permission levels (see the Security constants):
            //   PERMISSION_NONE = 0, PERMISSION_READONLY = 1,
            //   PERMISSION_ALL = 2, PERMISSION_REPORTER = 3

            // The query is built by text substitution. Both substituted ids are
            // integers and the default level comes from app settings, not from the
            // request, so no request-controlled text reaches the SQL here.
            string query = @"
declare @bg_org int

select isnull(pu_permission_level,$dpl),
bg_org
from bugs
left outer join project_user_xref
on pu_project = bg_project
and pu_user = $us
where bg_id = $bg";

            query = query
                .Replace("$dpl", Util.get_setting("DefaultPermissionLevel", "2"))
                .Replace("$bg", Convert.ToString(bugid))
                .Replace("$us", Convert.ToString(security.user.usid));

            DataRow row = DbUtil.get_datarow(query);

            // No row means no such bug: deny rather than guess.
            if (row == null)
            {
                return Security.PERMISSION_NONE;
            }

            int level   = (int)row[0];
            int bug_org = (int)row[1];

            // The bug belongs to another org. A user whose cross-org level is
            // NONE or READONLY is capped at that (lower) level; any other
            // cross-org level leaves the project/user level untouched.
            if (bug_org != security.user.org)
            {
                int  other_orgs_level = security.user.other_orgs_permission_level;
                bool is_capping_level = other_orgs_level == Security.PERMISSION_NONE
                                        || other_orgs_level == Security.PERMISSION_READONLY;

                if (is_capping_level && other_orgs_level < level)
                {
                    level = other_orgs_level;
                }
            }

            return level;
        }
        ///////////////////////////////////////////////////////////////////////
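        // Delete-task page: GET shows the confirmation, POST performs the delete.
        protected void Page_Load(Object sender, EventArgs e)
        {
            Util.do_not_cache(Response);

            // Anti-CSRF check: the "ses" value in the URL must match the session
            // cookie, otherwise a cross-site form post could trigger the delete.
            // Response.End() aborts the request, so nothing below runs on failure.
            if (Request.QueryString["ses"] != (string)Session["session_cookie"])
            {
                Response.Write("session in URL doesn't match session cookie");
                Response.End();
            }

            string string_bugid = Util.sanitize_integer(Request["bugid"]);
            int    bugid        = Convert.ToInt32(string_bugid);

            // Per-bug gate. Both SQL statements below are scoped to this same bug
            // id, so a task id belonging to another bug cannot be read or deleted.
            int permission_level = Bug.get_bug_permission_level(bugid, User.Identity);

            if (permission_level != PermissionLevel.All)
            {
                Response.Write("You are not allowed to edit this item");
                Response.End();
            }

            string string_tsk_id = Util.sanitize_integer(Request["id"]);
            // Parsed only so that a non-numeric id fails here rather than in SQL.
            int    tsk_id        = Convert.ToInt32(string_tsk_id);

            if (IsPostBack)
            {
                // do delete here
                sql = new SQLString(@"delete bug_tasks where tsk_id = @tsk_id and tsk_bug = @bugid");
                sql = sql.AddParameterWithValue("tsk_id", string_tsk_id);
                sql = sql.AddParameterWithValue("bugid", string_bugid);
                DbUtil.execute_nonquery(sql);
                Response.Redirect("tasks.aspx?bugid=" + string_bugid);
            }
            else
            {
                Page.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - "
                             + "delete task";

                back_href.HRef = "tasks.aspx?bugid=" + string_bugid;

                sql = new SQLString(@"select tsk_description from bug_tasks where tsk_id = @tsk_id and tsk_bug = @bugid");
                sql = sql.AddParameterWithValue("tsk_id", string_tsk_id);
                sql = sql.AddParameterWithValue("bugid", string_bugid);

                DataRow dr = DbUtil.get_datarow(sql);

                // No row: the task does not exist or belongs to another bug.
                // Previously this fell through to a NullReferenceException.
                if (dr == null)
                {
                    Response.Write("Task not found");
                    Response.End();
                }

                confirm_href.InnerText = "confirm delete of task: " + Convert.ToString(dr["tsk_description"]);
            }
        }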
Esempio n. 3
0
        ///////////////////////////////////////////////////////////////////////
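        // Delete-bug page: GET shows the confirmation, POST performs the delete.
        protected void Page_Load(Object sender, EventArgs e)
        {
            Util.do_not_cache(Response);

            // Feature gate: admins, or users with the delete-bugs right.
            if (!(User.IsInRole(BtnetRoles.Admin) || User.Identity.GetCanDeleteBugs()))
            {
                Response.Write("You are not allowed to use this page.");
                Response.End();
            }

            string id = Util.sanitize_integer(Request["id"]);

            // Per-bug gate: the caller needs full permission on this bug.
            int permission_level = Bug.get_bug_permission_level(Convert.ToInt32(id), User.Identity);

            if (permission_level != PermissionLevel.All)
            {
                Response.Write("You are not allowed to edit this item");
                Response.End();
            }

            if (IsPostBack)
            {
                // Delete the id that was just authorized above. The original code
                // deleted row_id.Value (a hidden form field) instead; that value is
                // client-supplied and need not equal the id the permission check
                // ran on.
                Bug.delete_bug(Convert.ToInt32(id));
                Server.Transfer("bugs.aspx");
            }
            else
            {
                Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - "
                                    + "delete " + Util.get_setting("SingularBugLabel", "bug");

                back_href.HRef = "edit_bug.aspx?id=" + id;

                sql = new SQLString(@"select bg_short_desc from bugs where bg_id = @bugId");
                sql = sql.AddParameterWithValue("bugId", id);

                DataRow dr = DbUtil.get_datarow(sql);

                // Unknown bug id: previously dr["bg_short_desc"] threw a
                // NullReferenceException.
                if (dr == null)
                {
                    Response.Write("Item not found");
                    Response.End();
                }

                confirm_href.InnerText = "confirm delete of "
                                         + Util.get_setting("SingularBugLabel", "bug")
                                         + ": "
                                         + Convert.ToString(dr["bg_short_desc"]);

                row_id.Value = id;
            }
        }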
Esempio n. 4
0
        ///////////////////////////////////////////////////////////////////////
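        // Saves the edited comment (post "id" of bug "bugid"), then notifies and
        // redirects back to the bug. Does nothing when validate() fails.
        void on_update()
        {
            Boolean good = validate();

            if (good)
            {
                // Update the post, then fetch the bug's title for the news feed.
                // The update is scoped to the bug id as well as the post id, so a
                // post id that belongs to a different bug is not touched (same
                // scoping the task pages use via tsk_bug).
                sql = new SQLString(@"update bug_posts set
                    bp_comment = @cm,
                    bp_comment_search = @cs,
                    bp_content_type = @cn,
                    bp_hidden_from_external_users = @internal
                where bp_id = @id and bp_bug = @bugid

                select bg_short_desc from bugs where bg_id = @bugid");

                if (use_fckeditor)
                {
                    // HTML comment: strip dangerous tags; apostrophes are stored
                    // as the HTML entity in the displayed text.
                    string text = Util.strip_dangerous_tags(comment.Value);
                    sql = sql.AddParameterWithValue("cm", text.Replace("'", "&#39;"));
                    // NOTE(review): the "'" -> "''" doubling here and below is
                    // SQL-literal escaping. If AddParameterWithValue binds a real
                    // parameter, the stored text ends up with doubled apostrophes;
                    // confirm against SQLString before removing it.
                    sql = sql.AddParameterWithValue("cs", Util.strip_html(comment.Value).Replace("'", "''"));
                    sql = sql.AddParameterWithValue("cn", "text/html");
                }
                else
                {
                    sql = sql.AddParameterWithValue("cm", HttpUtility.HtmlDecode(comment.Value).Replace("'", "''"));
                    sql = sql.AddParameterWithValue("cs", comment.Value.Replace("'", "''"));
                    sql = sql.AddParameterWithValue("cn", "text/plain");
                }

                sql = sql.AddParameterWithValue("id", Convert.ToString(id));
                sql = sql.AddParameterWithValue("bugid", Convert.ToString(bugid));
                sql = sql.AddParameterWithValue("internal", Util.bool_to_string(internal_only.Checked));
                DataRow dr = DbUtil.get_datarow(sql);

                // Don't send notifications for internal only comments.
                // We aren't putting them in the email notifications because that makes it
                // easier for them to accidentally get forwarded to the "wrong" people...
                if (!internal_only.Checked)
                {
                    Bug.send_notifications(Bug.UPDATE, bugid, User.Identity);
                    WhatsNew.add_news(bugid, (string)dr["bg_short_desc"], "updated", User.Identity);
                }

                Response.Redirect("edit_bug.aspx?id=" + Convert.ToString(bugid));
            }
        }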
Esempio n. 5
0
        ///////////////////////////////////////////////////////////////////////
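        // Delete-priority page: GET shows the confirmation (refused while bugs
        // still reference the priority), POST performs the delete.
        protected void Page_Load(Object sender, EventArgs e)
        {
            Util.do_not_cache(Response);

            // NOTE(review): no role check is visible on this page, unlike the
            // report/bug/comment delete pages; confirm admin access is enforced
            // for it elsewhere.

            if (IsPostBack)
            {
                // do delete here
                // The reference count below is only checked on the GET; a bug given
                // this priority between confirm and post is not caught here.
                sql = new SQLString(@"delete priorities where pr_id = @prid");
                sql = sql.AddParameterWithValue("prid", Util.sanitize_integer(row_id.Value));
                DbUtil.execute_nonquery(sql);
                Server.Transfer("priorities.aspx");
            }
            else
            {
                Master.Menu.SelectedItem = "admin";
                Page.Header.Title        = Util.get_setting("AppTitle", "BugTracker.NET") + " - "
                                           + "delete priority";

                string id = Util.sanitize_integer(Request["id"]);

                // Name lookup and referencing-bug count in one round trip.
                sql = new SQLString(@"declare @cnt int
			select @cnt = count(1) from bugs where bg_priority = @id
			select pr_name, @cnt [cnt] from priorities where pr_id = @id");
                sql = sql.AddParameterWithValue("id", id);

                DataRow dr = DbUtil.get_datarow(sql);

                // Unknown priority id: previously dr["cnt"] threw a
                // NullReferenceException.
                if (dr == null)
                {
                    Response.Write("Priority not found");
                    Response.End();
                }

                if ((int)dr["cnt"] > 0)
                {
                    Response.Write("You can't delete priority \""
                                   + Convert.ToString(dr["pr_name"])
                                   + "\" because some bugs still reference it.");
                    Response.End();
                }
                else
                {
                    confirm_href.InnerText = "confirm delete of \""
                                             + Convert.ToString(dr["pr_name"])
                                             + "\"";

                    row_id.Value = id;
                }
            }
        }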
Esempio n. 6
0
        ///////////////////////////////////////////////////////////////////////
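        // Delete-organization page: GET shows the confirmation (refused while
        // users, queries or bugs still reference the org), POST performs the delete.
        protected void Page_Load(Object sender, EventArgs e)
        {
            Util.do_not_cache(Response);

            // NOTE(review): no role check is visible on this page, unlike the
            // report/bug/comment delete pages; confirm admin access is enforced
            // for it elsewhere.

            if (IsPostBack)
            {
                // do delete here
                // The reference count below is only checked on the GET; a row that
                // starts referencing the org between confirm and post is not caught.
                sql = new SQLString(@"delete orgs where og_id = @orgid");
                sql = sql.AddParameterWithValue("orgid", Util.sanitize_integer(row_id.Value));
                DbUtil.execute_nonquery(sql);
                Server.Transfer("orgs.aspx");
            }
            else
            {
                Page.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - "
                             + "delete organization";

                string id = Util.sanitize_integer(Request["id"]);

                // Name lookup and the total of referencing users/queries/bugs in
                // one round trip.
                sql = new SQLString(@"declare @cnt int
			select @cnt = count(1) from users where us_org = @orgid;
			select @cnt = @cnt + count(1) from queries where qu_org = @orgid;
			select @cnt = @cnt + count(1) from bugs where bg_org = @orgid;
			select og_name, @cnt [cnt] from orgs where og_id = @orgid");
                sql = sql.AddParameterWithValue("orgid", id);

                DataRow dr = DbUtil.get_datarow(sql);

                // Unknown org id: previously dr["cnt"] threw a NullReferenceException.
                if (dr == null)
                {
                    Response.Write("Organization not found");
                    Response.End();
                }

                if ((int)dr["cnt"] > 0)
                {
                    Response.Write("You can't delete organization \""
                                   + Convert.ToString(dr["og_name"])
                                   + "\" because some bugs, users, queries still reference it.");
                    Response.End();
                }
                else
                {
                    confirm_href.InnerText = "confirm delete of \""
                                             + Convert.ToString(dr["og_name"])
                                             + "\"";

                    row_id.Value = id;
                }
            }
        }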
Esempio n. 7
0
        ///////////////////////////////////////////////////////////////////////
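        // Delete-report page: GET shows the confirmation, POST deletes the report
        // together with the dashboard items that reference it.
        protected void Page_Load(Object sender, EventArgs e)
        {
            Util.do_not_cache(Response);

            // Feature gate: admins, or users with the edit-reports right.
            if (!(User.IsInRole(BtnetRoles.Admin) || User.Identity.GetCanEditReports()))
            {
                Response.Write("You are not allowed to use this page.");
                Response.End();
            }
            SQLString sql;

            if (IsPostBack)
            {
                // do delete here
                sql = new SQLString(@"
delete reports where rp_id = @reportId;
delete dashboard_items where ds_report = @reportId");
                sql = sql.AddParameterWithValue("reportId", Util.sanitize_integer(row_id.Value));
                DbUtil.execute_nonquery(sql);
                Server.Transfer("reports.aspx");
            }
            else
            {
                Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - "
                                    + "delete report";

                string id = Util.sanitize_integer(Request["id"]);

                sql = new SQLString(@"select rp_desc from reports where rp_id = @id");
                sql = sql.AddParameterWithValue("id", id);

                DataRow dr = DbUtil.get_datarow(sql);

                // Unknown report id: previously dr["rp_desc"] threw a
                // NullReferenceException.
                if (dr == null)
                {
                    Response.Write("Report not found");
                    Response.End();
                }

                confirm_href.InnerText = "confirm delete of report: "
                                         + Convert.ToString(dr["rp_desc"]);

                row_id.Value = id;
            }
        }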
Esempio n. 8
0
        ///////////////////////////////////////////////////////////////////////
        /// <summary>
        /// Fetches the ids of the default project, category, priority, status and
        /// user-defined attribute (columns pj, ct, pr, st, udf). Each is 0 when
        /// no row is flagged as the default.
        /// </summary>
        /// <returns>The single result row from DbUtil.get_datarow.</returns>
        public static System.Data.DataRow get_bug_defaults()
        {
            // Fixed query with no substituted values. Each id defaults to 0 and is
            // only overwritten when a *_default = 1 row exists; with several such
            // rows the last one in name order wins.
            const string defaults_query = @"/*fetch defaults*/
declare @pj int
declare @ct int
declare @pr int
declare @st int
declare @udf int
set @pj = 0
set @ct = 0
set @pr = 0
set @st = 0
set @udf = 0
select @pj = pj_id from projects where pj_default = 1 order by pj_name
select @ct = ct_id from categories where ct_default = 1 order by ct_name
select @pr = pr_id from priorities where pr_default = 1 order by pr_name
select @st = st_id from statuses where st_default = 1 order by st_name
select @udf = udf_id from user_defined_attribute where udf_default = 1 order by udf_name
select @pj pj, @ct ct, @pr pr, @st st, @udf udf";

            System.Data.DataRow defaults = DbUtil.get_datarow(defaults_query);
            return defaults;
        }
        ///////////////////////////////////////////////////////////////////////
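        // Edit-task page: GET fills the form (create defaults when tsk_id is 0,
        // otherwise the stored task), POST hands over to on_update().
        protected void Page_Load(Object sender, EventArgs e)
        {
            Util.do_not_cache(Response);

            msg.InnerText = "";

            string string_bugid = Util.sanitize_integer(Request["bugid"]);

            bugid = Convert.ToInt32(string_bugid);

            // Per-bug gate: full permission on the bug that owns the task.
            int permission_level = Bug.get_bug_permission_level(bugid, User.Identity);

            if (permission_level != PermissionLevel.All)
            {
                Response.Write("You are not allowed to edit tasks for this item");
                Response.End();
            }

            // Feature gate: admins, or users with the edit-tasks right.
            if (!(User.IsInRole(BtnetRoles.Admin) || User.Identity.GetCanEditTasks()))
            {
                Response.Write("You are not allowed to edit tasks");
                Response.End();
            }

            string string_tsk_id = Util.sanitize_integer(Request["id"]);

            tsk_id_static.InnerHtml = string_tsk_id;
            tsk_id = Convert.ToInt32(string_tsk_id);

            if (IsPostBack)
            {
                on_update();
                return;
            }

            Master.Menu.SelectedItem = "admin";
            Page.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - "
                         + "edit task";

            bugid_label.InnerHtml  = Util.capitalize_first_letter(Util.get_setting("SingularBugLabel", "bug")) + " ID:";
            bugid_static.InnerHtml = Convert.ToString(bugid);

            load_users_dropdowns(bugid);

            apply_task_field_visibility();

            // add or edit?
            if (tsk_id == 0)
            {
                set_create_defaults();
            }
            else
            {
                load_existing_task();
            }
        }

        // Hides each optional task row whose "ShowTask*" setting is "0".
        private void apply_task_field_visibility()
        {
            hide_if_disabled("ShowTaskAssignedTo",        assigned_to_tr);
            hide_if_disabled("ShowTaskPlannedStartDate",  planned_start_date_tr);
            hide_if_disabled("ShowTaskActualStartDate",   actual_start_date_tr);
            hide_if_disabled("ShowTaskPlannedEndDate",    planned_end_date_tr);
            hide_if_disabled("ShowTaskActualEndDate",     actual_end_date_tr);
            hide_if_disabled("ShowTaskPlannedDuration",   planned_duration_tr);
            hide_if_disabled("ShowTaskActualDuration",    actual_duration_tr);
            hide_if_disabled("ShowTaskDurationUnits",     duration_units_tr);
            hide_if_disabled("ShowTaskPercentComplete",   percent_complete_tr);
            hide_if_disabled("ShowTaskStatus",            status_tr);
            hide_if_disabled("ShowTaskSortSequence",      sort_sequence_tr);
        }

        // Hides one row when its setting is "0" (the setting defaults to "1");
        // a row is never made visible here, matching the original behaviour.
        private static void hide_if_disabled(string setting_name, System.Web.UI.Control row)
        {
            if (Util.get_setting(setting_name, "1") == "0")
            {
                row.Visible = false;
            }
        }

        // Create mode: hide the id row and preselect the configured defaults.
        private void set_create_defaults()
        {
            tsk_id_tr.Visible = false;
            sub.Value         = "Create";

            // FindByText returns null when a configured default is not one of the
            // list items; that surfaces as a NullReferenceException on these lines.
            string default_duration_units = Util.get_setting("TaskDefaultDurationUnits", "hours");
            duration_units.Items.FindByText(default_duration_units).Selected = true;

            string default_hour = Util.get_setting("TaskDefaultHour", "09");
            planned_start_hour.Items.FindByText(default_hour).Selected = true;
            actual_start_hour.Items.FindByText(default_hour).Selected  = true;
            planned_end_hour.Items.FindByText(default_hour).Selected   = true;
            actual_end_hour.Items.FindByText(default_hour).Selected    = true;

            string default_status = Util.get_setting("TaskDefaultStatus", "[no status]");
            status.Items.FindByText(default_status).Selected = true;
        }

        // Edit mode: load the task row (scoped to this bug) and fill in the form.
        private void load_existing_task()
        {
            sql = new SQLString(@"select * from bug_tasks where tsk_id = @tsk_id and tsk_bug = @bugid");
            sql = sql.AddParameterWithValue("tsk_id", Convert.ToString(tsk_id));
            sql = sql.AddParameterWithValue("bugid", Convert.ToString(bugid));
            DataRow dr = DbUtil.get_datarow(sql);

            // No row: the task does not exist or belongs to another bug.
            // Previously this fell through to a NullReferenceException.
            if (dr == null)
            {
                Response.Write("Task not found");
                Response.End();
            }

            assigned_to.Items.FindByValue(Convert.ToString(dr["tsk_assigned_to_user"])).Selected = true;

            duration_units.Items.FindByText(Convert.ToString(dr["tsk_duration_units"])).Selected = true;

            status.Items.FindByValue(Convert.ToString(dr["tsk_status"])).Selected = true;

            planned_duration.Value = Util.format_db_value(dr["tsk_planned_duration"]);
            actual_duration.Value  = Util.format_db_value(dr["tsk_actual_duration"]);
            percent_complete.Value = Convert.ToString(dr["tsk_percent_complete"]);
            sort_sequence.Value    = Convert.ToString(dr["tsk_sort_sequence"]);
            desc.Value             = Convert.ToString(dr["tsk_description"]);

            load_date_hour_min(
                planned_start_date,
                planned_start_hour,
                planned_start_min,
                dr["tsk_planned_start_date"]);

            load_date_hour_min(
                actual_start_date,
                actual_start_hour,
                actual_start_min,
                dr["tsk_actual_start_date"]);

            load_date_hour_min(
                planned_end_date,
                planned_end_hour,
                planned_end_min,
                dr["tsk_planned_end_date"]);

            load_date_hour_min(
                actual_end_date,
                actual_end_hour,
                actual_end_min,
                dr["tsk_actual_end_date"]);

            sub.Value = "Update";
        }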
        ///////////////////////////////////////////////////////////////////////
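        // Delete-comment page: GET shows the confirmation, POST deletes the post.
        protected void Page_Load(Object sender, EventArgs e)
        {
            Master.Menu.SelectedItem = Util.get_setting("PluralBugLabel", "bugs");
            Util.do_not_cache(Response);

            // Feature gate: admins, or users with the edit/delete-posts right.
            if (!(User.IsInRole(BtnetRoles.Admin) || User.Identity.GetCanEditAndDeletePosts()))
            {
                Response.Write("You are not allowed to use this page.");
                Response.End();
            }

            if (IsPostBack)
            {
                // The bug id comes back in a hidden field, so re-run the per-bug
                // check on it here. The original ran that check only on the GET,
                // leaving the actual delete guarded by the role check alone.
                string bug_id = Util.sanitize_integer(redirect_bugid.Value);
                require_full_permission(Convert.ToInt32(bug_id));

                // do delete here
                // Scoped to the bug, as the task delete is via tsk_bug, so a post id
                // from a different bug is not deleted.
                sql = new SQLString(@"delete bug_posts where bp_id = @bpid and bp_bug = @bugid");
                sql = sql.AddParameterWithValue("bpid", Util.sanitize_integer(row_id.Value));
                sql = sql.AddParameterWithValue("bugid", bug_id);
                DbUtil.execute_nonquery(sql);
                Response.Redirect("edit_bug.aspx?id=" + bug_id);
            }
            else
            {
                string bug_id = Util.sanitize_integer(Request["bug_id"]);
                redirect_bugid.Value = bug_id;

                require_full_permission(Convert.ToInt32(bug_id));

                Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - "
                                    + "delete comment";

                string id = Util.sanitize_integer(Request["id"]);

                back_href.HRef = "edit_bug.aspx?id=" + bug_id;

                sql = new SQLString(@"select bp_comment from bug_posts where bp_id = @bpid and bp_bug = @bugid");
                sql = sql.AddParameterWithValue("bpid", id);
                sql = sql.AddParameterWithValue("bugid", bug_id);

                DataRow dr = DbUtil.get_datarow(sql);

                // No row: the post does not exist or belongs to another bug.
                // Previously this fell through to a NullReferenceException.
                if (dr == null)
                {
                    Response.Write("Comment not found");
                    Response.End();
                }

                // show the first few chars of the comment
                string s   = Convert.ToString(dr["bp_comment"]);
                int    len = Math.Min(20, s.Length);

                confirm_href.InnerText = "confirm delete of comment: "
                                         + s.Substring(0, len)
                                         + "...";

                row_id.Value = id;
            }
        }

        // Ends the request unless the current user has full permission on the bug.
        private void require_full_permission(int bug_id)
        {
            int permission_level = Bug.get_bug_permission_level(bug_id, User.Identity);
            if (permission_level != PermissionLevel.All)
            {
                Response.Write("You are not allowed to edit this item");
                Response.End();
            }
        }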
Esempio n. 11
0
        //*************************************************************

        /// <summary>
        /// Polls one project's POP3 mailbox and turns each accepted message into a
        /// new bug (no bug id in the subject) or a comment on an existing bug.
        /// </summary>
        /// <param name="project_user">POP3 login for the project mailbox.</param>
        /// <param name="project_password">POP3 password for that login.</param>
        /// <param name="projectid">Project new bugs are filed under, unless the
        /// synthesized user has a forced_project.</param>
        /// <returns>Always true; the error-count path is commented out below.</returns>
        public static bool fetch_messages(string project_user, string project_password, int projectid)
        {
            // experimental, under construction

            POP3Client.POP3client client = new POP3Client.POP3client(Pop3ReadInputStreamCharByChar);

            // Pipe-separated deny lists from the Pop3* settings; empty entries are
            // skipped in the loops below.
            string[] SubjectCannotContainStrings = Util.rePipes.Split(Pop3SubjectCannotContain);
            string[] FromCannotContainStrings    = Util.rePipes.Split(Pop3FromCannotContain);

            // NOTE: with the catch below commented out, any exception inside this
            // block propagates out of fetch_messages and the QUIT at the end is
            // never sent for this connection.
            //try
            {
                System.Data.DataRow defaults = Bug.get_bug_defaults();

                //int projectid = (int)defaults["pj"];
                int categoryid = (int)defaults["ct"];
                int priorityid = (int)defaults["pr"];
                int statusid   = (int)defaults["st"];
                int udfid      = (int)defaults["udf"];

                Util.write_to_log("pop3:" + client.connect(Pop3Server, Pop3Port, Pop3UseSSL));

                // Server replies are logged verbatim; the password itself is not
                // logged, only the PASS response.
                Util.write_to_log("pop3:sending POP3 command USER");
                Util.write_to_log("pop3:" + client.USER(project_user));

                Util.write_to_log("pop3:sending POP3 command PASS");
                Util.write_to_log("pop3:" + client.PASS(project_password));

                Util.write_to_log("pop3:sending POP3 command STAT");
                Util.write_to_log("pop3:" + client.STAT());

                Util.write_to_log("pop3:sending POP3 command LIST");
                string list;
                list = client.LIST();
                Util.write_to_log("pop3:list follows:");
                Util.write_to_log(list);

                // LIST response split into lines; line 0 is the status line and the
                // last line is the terminator, hence the 1..end-1 loop bounds.
                string[] messages = null;
                System.Text.RegularExpressions.Regex regex = new System.Text.RegularExpressions.Regex("\r\n");
                messages = regex.Split(list);

                int end = messages.Length - 1;

                // loop through the messages
                for (int i = 1; i < end; i++)
                {
                    // Each LIST line is "<number> <size>"; only the number is used.
                    int    space_pos          = messages[i].IndexOf(" ");
                    int    message_number     = Convert.ToInt32(messages[i].Substring(0, space_pos));
                    string message_raw_string = client.RETR(message_number);

                    // Full message bodies end up in the log when this setting is on.
                    if (Pop3WriteRawMessagesToLog)
                    {
                        Util.write_to_log("raw email message:");
                        Util.write_to_log(message_raw_string);
                    }

                    SharpMimeMessage mime_message = MyMime.get_sharp_mime_message(message_raw_string);

                    string from_addr = MyMime.get_from_addr(mime_message);
                    string subject   = MyMime.get_subject(mime_message);


                    // Subject / From allow-list and deny-list filters, in that order.
                    if (Pop3SubjectMustContain != "" && subject.IndexOf(Pop3SubjectMustContain) < 0)
                    {
                        Util.write_to_log("skipping because subject does not contain: " + Pop3SubjectMustContain);
                        continue;
                    }

                    bool bSkip = false;

                    for (int k = 0; k < SubjectCannotContainStrings.Length; k++)
                    {
                        if (SubjectCannotContainStrings[k] != "")
                        {
                            if (subject.IndexOf(SubjectCannotContainStrings[k]) >= 0)
                            {
                                Util.write_to_log("skipping because subject cannot contain: " + SubjectCannotContainStrings[k]);
                                bSkip = true;
                                break;  // done checking, skip this message
                            }
                        }
                    }

                    if (bSkip)
                    {
                        continue;
                    }

                    if (Pop3FromMustContain != "" && from_addr.IndexOf(Pop3FromMustContain) < 0)
                    {
                        Util.write_to_log("skipping because from does not contain: " + Pop3FromMustContain);
                        continue; // that is, skip to next message
                    }

                    for (int k = 0; k < FromCannotContainStrings.Length; k++)
                    {
                        if (FromCannotContainStrings[k] != "")
                        {
                            if (from_addr.IndexOf(FromCannotContainStrings[k]) >= 0)
                            {
                                Util.write_to_log("skipping because from cannot contain: " + FromCannotContainStrings[k]);
                                bSkip = true;
                                break; // done checking, skip this message
                            }
                        }
                    }

                    if (bSkip)
                    {
                        continue;
                    }


                    // A bug id parsed out of the subject selects "update existing".
                    // The subject and From header are sender-controlled input.
                    int    bugid   = MyMime.get_bugid_from_subject(ref subject);
                    string cc      = MyMime.get_cc(mime_message);
                    string comment = MyMime.get_comment(mime_message);
                    string headers = MyMime.get_headers_for_comment(mime_message);
                    if (headers != "")
                    {
                        comment = headers + "\n" + comment;
                    }

                    // User context is synthesized from the From address (falling back
                    // to the configured service user); the bug id from the subject is
                    // not checked against that user's permissions in this method --
                    // TODO confirm whether insert_comment or the synthesizer does so.
                    Security security = MyMime.get_synthesized_security(mime_message, from_addr, Pop3ServiceUsername);
                    int      orgid    = security.user.org;

                    if (bugid == 0)
                    {
                        if (security.user.forced_project != 0)
                        {
                            projectid = security.user.forced_project;
                        }

                        // Subject is truncated to fit the short-description column.
                        if (subject.Length > 200)
                        {
                            subject = subject.Substring(0, 200);
                        }

                        Bug.NewIds new_ids = Bug.insert_bug(
                            subject,
                            security,
                            "", // tags
                            projectid,
                            orgid,
                            categoryid,
                            priorityid,
                            statusid,
                            0,          // assignedid,
                            udfid,
                            "", "", "", // project specific dropdown values
                            comment,
                            comment,
                            from_addr,
                            cc,
                            "text/plain",
                            false, // internal only
                            null,  // custom columns
                            false);

                        MyMime.add_attachments(mime_message, new_ids.bugid, new_ids.postid, security);

                        // your customizations
                        Bug.apply_post_insert_rules(new_ids.bugid);

                        Bug.send_notifications(Bug.INSERT, new_ids.bugid, security);
                        WhatsNew.add_news(new_ids.bugid, subject, "added", security);

                        MyPop3.auto_reply(new_ids.bugid, from_addr, subject, projectid);
                    }
                    else // update existing
                    {
                        string StatusResultingFromIncomingEmail = Util.get_setting("StatusResultingFromIncomingEmail", "0");

                        // Built by text substitution: $st is the app setting above
                        // and $bg the integer bug id, so no email text reaches the SQL.
                        string sql = "";

                        if (StatusResultingFromIncomingEmail != "0")
                        {
                            sql = @"update bugs
				                set bg_status = $st
				                where bg_id = $bg
				                "                ;

                            sql = sql.Replace("$st", StatusResultingFromIncomingEmail);
                        }

                        sql += "select bg_short_desc from bugs where bg_id = $bg";
                        sql  = sql.Replace("$bg", Convert.ToString(bugid));
                        // dr2 is null when the subject names a bug id that does not
                        // exist; the add_news call below then throws.
                        DataRow dr2 = DbUtil.get_datarow(sql);

                        // Add a comment to existing bug.
                        int postid = Bug.insert_comment(
                            bugid,
                            security.user.usid, // (int) dr["us_id"],
                            comment,
                            comment,
                            from_addr,
                            cc,
                            "text/plain",
                            false); // internal only

                        MyMime.add_attachments(mime_message, bugid, postid, security);
                        Bug.send_notifications(Bug.UPDATE, bugid, security);
                        WhatsNew.add_news(bugid, (string)dr2["bg_short_desc"], "updated", security);
                    }

                    // Messages are only removed from the server when configured; the
                    // DELE is issued after the bug/comment has been written.
                    if (Pop3DeleteMessagesOnServer)
                    {
                        Util.write_to_log("sending POP3 command DELE");
                        Util.write_to_log(client.DELE(message_number));
                    }
                }
            }
            //catch (Exception ex)
            //{
            //    Util.write_to_log("pop3:exception in fetch_messages: " + ex.Message);
            //    error_count++;
            //    if (error_count > Pop3TotalErrorsAllowed)
            //    {
            //        return false;
            //    }
            //}


            Util.write_to_log("pop3:quit");
            Util.write_to_log("pop3:" + client.QUIT());
            return(true);
        }
Esempio n. 12
0
        // update an existing index
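        /// <summary>
        /// Worker-thread entry point that re-indexes a single bug in the Lucene index:
        /// its existing documents are deleted, then the short description, tags, text
        /// custom columns and visible non-"update" posts are added again.
        /// </summary>
        /// <param name="obj">Boxed <c>int</c> id of the bug to re-index.</param>
        static void threadproc_update(object obj)
        {
            // just to be safe, make the worker threads wait for each other
            //System.Console.Beep(540, 20);
            lock (my_lock) // prevent contention between searching and writing?
            {
                //System.Console.Beep(840, 20);
                try
                {
                    // Release the shared searcher so it does not hold the index open while we write.
                    if (searcher != null)
                    {
                        try
                        {
                            searcher.Close();
                        }
                        catch (Exception e)
                        {
                            Util.write_to_log("Exception closing lucene searcher:" + e.Message);
                            Util.write_to_log(e.StackTrace);
                        }
                        searcher = null;
                    }

                    int bug_id = (int)obj;

                    Util.write_to_log("started updating Lucene index using folder " + MyLucene.index_path);

                    Lucene.Net.Index.IndexModifier modifier = new Lucene.Net.Index.IndexModifier(index_path, anal, false);

                    // The modifier holds the index write lock. It must be closed even when a
                    // later step throws, otherwise the index stays locked for every following
                    // update until the process restarts.
                    try
                    {
                        // same as build, but uses "modifier" instead of the writer,
                        // and an additional "where" clause for the bug id.
                        modifier.DeleteDocuments(new Lucene.Net.Index.Term("bg_id", Convert.ToString(bug_id)));

                        string sql = @"
select bg_id, 
$custom_cols
isnull(bg_tags,'') bg_tags,
bg_short_desc    
from bugs where bg_id = $bugid";

                        // bug_id is an int, so this textual substitution cannot inject SQL.
                        sql = sql.Replace("$bugid", Convert.ToString(bug_id));

                        DataSet ds_text_custom_cols = get_text_custom_cols();

                        sql = sql.Replace("$custom_cols", get_text_custom_cols_names(ds_text_custom_cols));

                        DataRow dr = DbUtil.get_datarow(sql);

                        if (dr == null)
                        {
                            // The bug disappeared between the request and this thread running;
                            // its documents were already deleted above, so there is nothing to add.
                            Util.write_to_log("bug " + Convert.ToString(bug_id) + " not found; removed from Lucene index");
                        }
                        else
                        {
                            index_bug_row(modifier, dr, ds_text_custom_cols);
                            index_bug_posts(modifier, bug_id);
                        }

                        modifier.Flush();
                    }
                    finally
                    {
                        modifier.Close();
                    }

                    Util.write_to_log("done updating Lucene index");
                }
                catch (Exception e)
                {
                    Util.write_to_log("exception updating Lucene index: " + e.Message);
                    Util.write_to_log(e.StackTrace);
                }
            }
        }

        // Adds the "desc", "tags" and text-custom-column documents for one bug row.
        private static void index_bug_row(Lucene.Net.Index.IndexModifier modifier, DataRow dr, DataSet ds_text_custom_cols)
        {
            int bg_id = (int)dr["bg_id"];

            modifier.AddDocument(MyLucene.create_doc(bg_id, 0, "desc", (string)dr["bg_short_desc"]));

            // tags
            string tags = (string)dr["bg_tags"];
            if (tags != "")
            {
                modifier.AddDocument(MyLucene.create_doc(bg_id, 0, "tags", tags));
            }

            // custom text fields
            foreach (DataRow dr_custom_col in ds_text_custom_cols.Tables[0].Rows)
            {
                string name = (string)dr_custom_col["name"];
                string val  = Convert.ToString(dr[name]);
                if (val != "")
                {
                    // The field name is stored with single quotes doubled, as the original did.
                    modifier.AddDocument(MyLucene.create_doc(bg_id, 0, name.Replace("'", "''"), val));
                }
            }
        }

        // Adds one "post" document per non-hidden, non-"update" post of the bug.
        private static void index_bug_posts(Lucene.Net.Index.IndexModifier modifier, int bug_id)
        {
            // bug_id is an int, so the concatenation cannot inject SQL.
            DataSet ds = DbUtil.get_dataset(@"
select bp_bug, bp_id, 
isnull(bp_comment_search,bp_comment) [text] 
from bug_posts 
where bp_type <> 'update'
and bp_hidden_from_external_users = 0
and bp_bug = " + Convert.ToString(bug_id));

            foreach (DataRow dr2 in ds.Tables[0].Rows)
            {
                modifier.AddDocument(MyLucene.create_doc(
                                         (int)dr2["bp_bug"],
                                         (int)dr2["bp_id"],
                                         "post",
                                         (string)dr2["text"]));
            }
        }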
		///////////////////////////////////////////////////////////////////////
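		/// <summary>
		/// Writes one bug (header links, field table, optional relationships/tasks, and its
		/// posts) as an HTML fragment to <paramref name="Response"/>. Used for the web page
		/// and, with <paramref name="include_style"/>, for notification e-mails.
		/// Every value taken from the bug row or the projects table is HTML-encoded before
		/// it is written, so stored markup in tags, names or custom dropdown values is
		/// shown as text rather than rendered (stored XSS).
		/// </summary>
		/// <param name="Response">Response the HTML is written to.</param>
		/// <param name="dr">Bug row with the columns produced by get_bug_datarow plus the custom columns.</param>
		/// <param name="security">Current user; its field-level permission levels decide which rows are shown.</param>
		/// <param name="include_style">Emit an inline &lt;style&gt; block (used when sending e-mails).</param>
		/// <param name="images_inline">Passed through to write_posts.</param>
		/// <param name="history_inline">Passed through to get_bug_posts and write_posts.</param>
		/// <param name="internal_posts">Passed through to write_posts.</param>
		public static void print_bug (HttpResponse Response, DataRow dr, Security security, 
			bool include_style, 
			bool images_inline, 
			bool history_inline,
			bool internal_posts)
		{
			int bugid = Convert.ToInt32(dr["id"]);
			string string_bugid = Convert.ToString(bugid);
			string url_prefix = Util.get_setting("AbsoluteUrlPrefix","http://127.0.0.1/");

			if (include_style) // when sending emails
			{
				print_bug_email_style(Response);
			}

			Response.Write ("<body style='background:white'>");
			Response.Write ("<b>"
				+ Util.capitalize_first_letter(Util.get_setting("SingularBugLabel","bug"))
				+ " ID:&nbsp;<a href="
				+ url_prefix
				+ "edit_bug.aspx?id="
				+ string_bugid
				+ ">"
				+ string_bugid
				+ "</a>");

			if (Util.get_setting("EnableMobile", "0") == "1")
			{
				Response.Write(
					"&nbsp;&nbsp;&nbsp;&nbsp;Mobile link:&nbsp;<a href="
					+ url_prefix
					+ "mbug.aspx?id="
					+ string_bugid
					+ ">"
					+ url_prefix
					+ "mbug.aspx?id="
					+ string_bugid
					+ "</a>");
			}

			Response.Write("<br>");

			Response.Write ("Short desc:&nbsp;<a href="
				+ url_prefix
				+ "edit_bug.aspx?id="
				+ string_bugid
				+ ">"
				+ HttpUtility.HtmlEncode((string)dr["short_desc"])
				+ "</a></b><p>");

			// start of the table with the bug fields
			Response.Write ("\n<table class='table'>");

			// format_username is defined elsewhere; NOTE(review): it is assumed to return
			// HTML-safe output — confirm it encodes the username/full name.
			Response.Write("\n<tr><td>Last changed by<td>"
				+ format_username((string)dr["last_updated_user"],(string)dr["last_updated_fullname"])
				+ "&nbsp;");
			Response.Write("\n<tr><td>Reported By<td>"
				+ format_username((string)dr["reporter"],(string)dr["reporter_fullname"])
				+ "&nbsp;");
			Response.Write("\n<tr><td>Reported On<td>" + Util.format_db_date_and_time(dr["reported_date"]) + "&nbsp;");

			// Each row is only shown when the user has at least read access to that field.
			if (security.user.tags_field_permission_level > 0)
				print_bug_field_row(Response, "Tags", dr["bg_tags"]);

			if (security.user.project_field_permission_level > 0)
				print_bug_field_row(Response, "Project", dr["current_project"]);

			if (security.user.org_field_permission_level > 0)
				print_bug_field_row(Response, "Organization", dr["og_name"]);

			if (security.user.category_field_permission_level > 0)
				print_bug_field_row(Response, "Category", dr["category_name"]);

			if (security.user.priority_field_permission_level > 0)
				print_bug_field_row(Response, "Priority", dr["priority_name"]);

			if (security.user.assigned_to_field_permission_level > 0)
				Response.Write("\n<tr><td>Assigned<td>"
					+ format_username((string)dr["assigned_to_username"],(string)dr["assigned_to_fullname"])
					+ "&nbsp;");

			if (security.user.status_field_permission_level > 0)
				print_bug_field_row(Response, "Status", dr["status_name"]);

			if (security.user.udf_field_permission_level > 0
				&& Util.get_setting("ShowUserDefinedBugAttribute","1") == "1")
			{
				print_bug_field_row(Response,
					Util.get_setting("UserDefinedBugAttributeName","YOUR ATTRIBUTE"),
					dr["udf_name"]);
			}

			// Get custom column info  (There's an inefficiency here - we just did this
			// same call in get_bug_datarow...)
			DataSet ds_custom_cols = Util.get_custom_columns();

			// Show custom columns
			foreach (DataRow drcc in ds_custom_cols.Tables[0].Rows)
			{
				string column_name = (string) drcc["name"];

				if (security.user.dict_custom_field_permission_level[column_name] == Security.PERMISSION_NONE)
				{
					continue;
				}

				Response.Write("\n<tr><td>");
				Response.Write (HttpUtility.HtmlEncode(column_name));
				Response.Write ("<td>");

				if ((string)drcc["datatype"] == "datetime")
				{
					Response.Write (Util.format_db_date_and_time(dr[column_name]));
				}
				else
				{
					string s = "";

					if ((string)drcc["dropdown type"] == "users")
					{
						object obj = dr[column_name];
						if (obj.GetType() != typeof(System.DBNull))
						{
							int userid = Convert.ToInt32(obj);
							if (userid != 0)
							{
								// NOTE(review): the query text is redacted in this listing ("******");
								// "$1" is the placeholder for the user id. userid is an int, so the
								// substitution cannot inject SQL.
								string sql_get_username = "******";
								// Convert.ToString turns a null scalar into "" instead of a null string.
								s = Convert.ToString(DbUtil.execute_scalar(sql_get_username.Replace("$1", Convert.ToString(userid))));
							}
						}
					}
					else
					{
						s = Convert.ToString(dr[column_name]);
					}

					Response.Write (print_bug_format_text(s));
				}
				Response.Write ("&nbsp;");
			}

			// create project custom dropdowns
			if ((int)dr["project"] != 0)
			{
				string sql = @"select
					isnull(pj_enable_custom_dropdown1,0) [pj_enable_custom_dropdown1],
					isnull(pj_enable_custom_dropdown2,0) [pj_enable_custom_dropdown2],
					isnull(pj_enable_custom_dropdown3,0) [pj_enable_custom_dropdown3],
					isnull(pj_custom_dropdown_label1,'') [pj_custom_dropdown_label1],
					isnull(pj_custom_dropdown_label2,'') [pj_custom_dropdown_label2],
					isnull(pj_custom_dropdown_label3,'') [pj_custom_dropdown_label3]
					from projects where pj_id = $pj";

				// "project" is an int column, so the substitution cannot inject SQL.
				sql = sql.Replace("$pj", Convert.ToString((int)dr["project"]));

				DataRow project_dr = DbUtil.get_datarow(sql);

				if (project_dr != null)
				{
					for (int i = 1; i < 4; i++)
					{
						string n = Convert.ToString(i);
						if ((int)project_dr["pj_enable_custom_dropdown" + n] == 1)
						{
							print_bug_field_row(Response,
								HttpUtility.HtmlEncode(Convert.ToString(project_dr["pj_custom_dropdown_label" + n])),
								dr["bg_project_custom_dropdown_value" + n]);
						}
					}
				}
			}

			Response.Write("\n</table><p>"); // end of the table with the bug fields

			// Relationships
			if (Util.get_setting("EnableRelationships", "0") == "1")
			{
				write_relationships(Response, bugid);
			}

			// Tasks
			if (Util.get_setting("EnableTasks", "0") == "1")
			{
				write_tasks(Response, bugid);
			}

			DataSet ds_posts = get_bug_posts(bugid, security.user.external_user, history_inline);
			write_posts (
				ds_posts,
				Response, 
				bugid, 
				0, 
				false, /* don't write links */
				images_inline, 
				history_inline, 
				internal_posts,
				security.user);

			Response.Write ("</body>");
		}

		// Emits the <style> block used in e-mails: custom\btnet_css_for_email.css when it
		// exists, otherwise Content\bootstrap.min.css, followed by link underlining rules.
		private static void print_bug_email_style(HttpResponse Response)
		{
			Response.Write("\n<style>\n");

			// If this file exists, use it.
			string map_path = (string) HttpRuntime.Cache["MapPath"];
			string css_for_email_file = map_path + "\\custom\\btnet_css_for_email.css";

			try
			{
				if (!System.IO.File.Exists(css_for_email_file))
				{
					css_for_email_file = map_path + "\\Content\\bootstrap.min.css";
				}
				Response.WriteFile(css_for_email_file);
				Response.Write("\n");
			}
			catch (Exception e)
			{
				Util.write_to_log("Exception trying to read css file for email \"" 
					+ css_for_email_file
					+ "\":" 
					+ e.Message);
			}

			// underline links in the emails to make them more obvious
			Response.Write("\na {text-decoration: underline; }");
			Response.Write("\na:visited {text-decoration: underline; }");
			Response.Write("\na:hover {text-decoration: underline; }");
			Response.Write("\n</style>\n");
		}

		// Writes one label/value row of the field table. The value is HTML-encoded;
		// the label is written as given (callers pass literals, settings or pre-encoded text).
		private static void print_bug_field_row(HttpResponse Response, string label, object value)
		{
			Response.Write("\n<tr><td>"
				+ label
				+ "<td>"
				+ HttpUtility.HtmlEncode(Convert.ToString(value))
				+ "&nbsp;");
		}

		// HTML-encodes a text value and turns newlines, double spaces and tabs into markup
		// so multi-line custom fields keep their layout.
		private static string print_bug_format_text(string s)
		{
			s = HttpUtility.HtmlEncode(s ?? "");
			s = s.Replace("\n","<br>");
			s = s.Replace("  ","&nbsp; ");
			s = s.Replace("\t","&nbsp;&nbsp;&nbsp;&nbsp;");
			return s;
		}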
        ///////////////////////////////////////////////////////////////////////
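        /// <summary>
        /// Delete-user page. A GET shows the confirmation link; the POST performs the delete.
        /// The target user is taken from Request["id"] on both requests and the posted
        /// row_id must name the same user, so the authorization check (non-admins may only
        /// delete non-admin users they created) and the "still referenced by bugs/posts"
        /// check are always applied to the row that is actually deleted.
        /// </summary>
        protected void Page_Load(Object sender, EventArgs e)
        {
            Util.do_not_cache(Response);

            string id = Util.sanitize_integer(Request["id"]);

            // Non-admins may only delete non-admin users they created themselves.
            if (!User.IsInRole(BtnetRoles.Admin))
            {
                sql = new SQLString(@"select us_created_user, us_admin from users where us_id = @us");
                sql = sql.AddParameterWithValue("us", id);
                DataRow dr = DbUtil.get_datarow(sql);

                if (dr == null)
                {
                    Response.Write("User not found.");
                    Response.End();
                    return;
                }
                else if (User.Identity.GetUserId() != (int)dr["us_created_user"])
                {
                    Response.Write("You not allowed to delete this user, because you didn't create it.");
                    Response.End();
                    return;
                }
                else if ((int)dr["us_admin"] == 1)
                {
                    Response.Write("You not allowed to delete this user, because it is an admin.");
                    Response.End();
                    return;
                }
            }

            // Refuse while bugs or bug posts still reference the user. This runs on the
            // POST as well, so the check cannot be skipped by posting directly.
            sql = new SQLString(@"declare @cnt int
select @cnt = count(1) from bugs where bg_reported_user = @us or bg_assigned_to_user = @us
if @cnt = 0
begin
	select @cnt = count(1) from bug_posts where bp_user = @us
end
select us_username, @cnt [cnt] from users where us_id = @us");

            sql = sql.AddParameterWithValue("us", id);

            DataRow user_dr = DbUtil.get_datarow(sql);

            if (user_dr == null)
            {
                Response.Write("User not found.");
                Response.End();
                return;
            }

            if ((int)user_dr["cnt"] > 0)
            {
                Response.Write("You can't delete user \""
                               + Convert.ToString(user_dr["us_username"])
                               + "\" because some bugs or bug posts still reference it.");
                Response.End();
                return;
            }

            if (IsPostBack)
            {
                // The hidden field is client-controlled; the delete must target the same
                // user the checks above were run for.
                if (Util.sanitize_integer(row_id.Value) != id)
                {
                    Response.Write("You not allowed to delete this user.");
                    Response.End();
                    return;
                }

                // do delete here
                sql = new SQLString(@"
delete from emailed_links where el_username in (select us_username from users where us_id = @us)
delete users where us_id = @us
delete project_user_xref where pu_user = @us
delete bug_subscriptions where bs_user = @us
delete bug_user where bu_user = @us
delete queries where qu_user = @us
delete queued_notifications where qn_user = @us
delete dashboard_items where ds_user = @us");

                sql = sql.AddParameterWithValue("us", id);
                DbUtil.execute_nonquery(sql);
                Server.Transfer("users.aspx");
            }
            else
            {
                Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - "
                                    + "delete user";

                confirm_href.InnerText = "confirm delete of \""
                                         + Convert.ToString(user_dr["us_username"])
                                         + "\"";

                row_id.Value = id;
            }
        }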
        ///////////////////////////////////////////////////////////////////////
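        /// <summary>
        /// Loads the single row that describes a bug for display: names resolved for
        /// project, org, category, priority, status, UDF, reporter/assignee/last-updater,
        /// the current user's effective permission level on the bug, counts of related
        /// items (only computed for the integrations that are enabled), and every custom
        /// column in <paramref name="ds_custom_cols"/>. When EnableSeen is on, the bug is
        /// also marked as seen by the current user as a side effect.
        /// </summary>
        /// <param name="bugid">Id of the bug.</param>
        /// <param name="security">Current user (usid and org are used in the query).</param>
        /// <param name="ds_custom_cols">Custom column definitions; the "name" column of each row is selected.</param>
        /// <returns>The bug row, or null when no bug with that id exists.</returns>
        public static DataRow get_bug_datarow(
            int bugid,
            Security security,
            DataSet ds_custom_cols)
        {
            string sql = @" /* get_bug_datarow */";

            if (Util.get_setting("EnableSeen", "0") == "1")
            {
                sql += @"
if not exists (select bu_bug from bug_user where bu_bug = $id and bu_user = $this_usid)
	insert into bug_user (bu_bug, bu_user, bu_flag, bu_seen, bu_vote) values($id, $this_usid, 0, 1, 0) 
update bug_user set bu_seen = 1, bu_seen_datetime = getdate() where bu_bug = $id and bu_user = $this_usid and bu_seen <> 1";
            }

            sql += @"
declare @svn_revisions int
declare @git_commits int
declare @hg_revisions int
declare @tasks int
declare @related int;
set @svn_revisions = 0
set @git_commits = 0
set @hg_revisions = 0
set @tasks = 0
set @related = 0";

            if (Util.get_setting("EnableSubversionIntegration", "0") == "1")
            {
                sql += @"
select @svn_revisions = count(1)
from svn_affected_paths
inner join svn_revisions on svnap_svnrev_id = svnrev_id
where svnrev_bug = $id;";
            }

            if (Util.get_setting("EnableGitIntegration", "0") == "1")
            {
                sql += @"
select @git_commits = count(1)
from git_affected_paths
inner join git_commits on gitap_gitcom_id = gitcom_id
where gitcom_bug = $id;";
            }

            if (Util.get_setting("EnableMercurialIntegration", "0") == "1")
            {
                sql += @"
select @hg_revisions = count(1)
from hg_affected_paths
inner join hg_revisions on hgap_hgrev_id = hgrev_id
where hgrev_bug = $id;";
            }

            if (Util.get_setting("EnableTasks", "0") == "1")
            {
                sql += @"
select @tasks = count(1)
from bug_tasks
where tsk_bug = $id;";
            }

            if (Util.get_setting("EnableRelationships", "0") == "1")
            {
                sql += @"
select @related = count(1)
from bug_relationships
where re_bug1 = $id;";
            }

            // pu_permission_level: the project/user permission (or the configured default),
            // reduced to the org's "other orgs" level when the bug belongs to another org
            // and that level is below 2 (PERMISSION_ALL) and below the project level.
            sql += @"

select bg_id [id],
bg_short_desc [short_desc],
isnull(bg_tags,'') [bg_tags],
isnull(ru.us_username,'[deleted user]') [reporter],
isnull(ru.us_email,'') [reporter_email],
case rtrim(ru.us_firstname)
	when null then isnull(ru.us_lastname, '')
	when '' then isnull(ru.us_lastname, '')
	else isnull(ru.us_lastname + ', ' + ru.us_firstname,'')
	end [reporter_fullname],
bg_reported_date [reported_date],
datediff(s,bg_reported_date,getdate()) [seconds_ago],
isnull(lu.us_username,'') [last_updated_user],
case rtrim(lu.us_firstname)
	when null then isnull(lu.us_lastname, '')
	when '' then isnull(lu.us_lastname, '')
	else isnull(lu.us_lastname + ', ' + lu.us_firstname,'')
	end [last_updated_fullname],


bg_last_updated_date [last_updated_date],
isnull(bg_project,0) [project],
isnull(pj_name,'[no project]') [current_project],

isnull(bg_org,0) [organization],
isnull(bugorg.og_name,'') [og_name],

isnull(bg_category,0) [category],
isnull(ct_name,'') [category_name],

isnull(bg_priority,0) [priority],
isnull(pr_name,'') [priority_name],

isnull(bg_status,0) [status],
isnull(st_name,'') [status_name],

isnull(bg_user_defined_attribute,0) [udf],
isnull(udf_name,'') [udf_name],

isnull(bg_assigned_to_user,0) [assigned_to_user],
isnull(asg.us_username,'[not assigned]') [assigned_to_username],
case rtrim(asg.us_firstname)
when null then isnull(asg.us_lastname, '[not assigned]')
when '' then isnull(asg.us_lastname, '[not assigned]')
else isnull(asg.us_lastname + ', ' + asg.us_firstname,'[not assigned]')
end [assigned_to_fullname],

isnull(bs_user,0) [subscribed],

case
when
	$this_org <> bg_org
	and userorg.og_other_orgs_permission_level < 2
	and userorg.og_other_orgs_permission_level < isnull(pu_permission_level,$dpl)
		then userorg.og_other_orgs_permission_level
else
	isnull(pu_permission_level,$dpl)
end [pu_permission_level],

isnull(bg_project_custom_dropdown_value1,'') [bg_project_custom_dropdown_value1],
isnull(bg_project_custom_dropdown_value2,'') [bg_project_custom_dropdown_value2],
isnull(bg_project_custom_dropdown_value3,'') [bg_project_custom_dropdown_value3],
@related [relationship_cnt],
@svn_revisions [svn_revision_cnt],
@git_commits [git_commit_cnt],
@hg_revisions [hg_commit_cnt],
@tasks [task_cnt],
getdate() [snapshot_timestamp]
$custom_cols_placeholder
from bugs
inner join users this_user on us_id = $this_usid
inner join orgs userorg on this_user.us_org = userorg.og_id
left outer join user_defined_attribute on bg_user_defined_attribute = udf_id
left outer join projects on bg_project = pj_id
left outer join orgs bugorg on bg_org = bugorg.og_id
left outer join categories on bg_category = ct_id
left outer join priorities on bg_priority = pr_id
left outer join statuses on bg_status = st_id
left outer join users asg on bg_assigned_to_user = asg.us_id
left outer join users ru on bg_reported_user = ru.us_id
left outer join users lu on bg_last_updated_user = lu.us_id
left outer join bug_subscriptions on bs_bug = bg_id and bs_user = $this_usid
left outer join project_user_xref on pj_id = pu_project
and pu_user = $this_usid
where bg_id = $id";

            // All numeric placeholders come from ints, so the substitutions cannot inject
            // SQL; $dpl is a configured setting. These are replaced before the custom column
            // list is spliced in, so column names are never subject to the substitutions.
            sql = sql.Replace("$id", Convert.ToString(bugid));
            sql = sql.Replace("$this_usid", Convert.ToString(security.user.usid));
            sql = sql.Replace("$this_org", Convert.ToString(security.user.org));
            sql = sql.Replace("$dpl", Util.get_setting("DefaultPermissionLevel", "2"));

            // Custom column names are admin-defined; they are bracket-quoted, and a "]"
            // inside a bracketed identifier has to be doubled to stay inside the quotes.
            StringBuilder custom_cols_sql = new StringBuilder();

            foreach (DataRow drcc in ds_custom_cols.Tables[0].Rows)
            {
                custom_cols_sql.Append(",[");
                custom_cols_sql.Append(drcc["name"].ToString().Replace("]", "]]"));
                custom_cols_sql.Append("]");
            }

            sql = sql.Replace("$custom_cols_placeholder", custom_cols_sql.ToString());

            return(DbUtil.get_datarow(sql));
        }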
        ///////////////////////////////////////////////////////////////////////
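        /// <summary>
        /// "Forgot password" page. On POST it looks up the single user matching the
        /// entered username and/or email, stores a one-time "forgot" link id in
        /// emailed_links and mails a reset link. The response shown to the visitor is the
        /// same whether or not an account matched, so the form cannot be used to probe
        /// which usernames or email addresses exist.
        /// </summary>
        public void Page_Load(Object sender, EventArgs e)
        {
            Util.set_context(HttpContext.Current);
            Util.do_not_cache(Response);

            if (Util.get_setting("ShowForgotPasswordLink", "0") == "0")
            {
                Response.Write("Sorry, Web.config ShowForgotPasswordLink is set to 0");
                Response.End();
                return;
            }

            if (!IsPostBack)
            {
                Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - "
                                    + "forgot password";
                return;
            }

            msg.InnerHtml = "";

            if (email.Value == "" && username.Value == "")
            {
                msg.InnerHtml = "Enter either your Username or your Email address.";
                return;
            }

            if (email.Value != "" && !Util.validate_email(email.Value))
            {
                msg.InnerHtml = "Format of email address is invalid.";
                return;
            }

            // Same text for "sent" and "no match" so the page does not reveal which
            // usernames or email addresses exist.
            string generic_msg = "If the details you entered match an account, an email with password info has been sent to it."
                                 + "<br>If nothing arrives, check your spam folder and try just username, just email, or both.";

            int user_id = find_single_user_id(username.Value, email.Value);

            if (user_id == 0)
            {
                Util.write_to_log("forgot password: no single match for username \""
                                  + username.Value + "\" / email \"" + email.Value + "\"");
                msg.InnerHtml = generic_msg;
                return;
            }

            // NOTE(review): Guid.NewGuid() is used as the reset token and stored in el_id;
            // a RandomNumberGenerator-based token would be preferable, but changing the
            // format needs the el_id column type and change_password.aspx checked first.
            string guid = Guid.NewGuid().ToString();
            var    sql  = new SQLString(@"
declare @username nvarchar(255)
declare @email nvarchar(255)

select @username = us_username, @email = us_email
	from users where us_id = @user_id

insert into emailed_links
	(el_id, el_date, el_email, el_action, el_user_id)
	values (@guid, getdate(), @email, N'forgot', @user_id)

select @username us_username, @email us_email");

            sql = sql.AddParameterWithValue("guid", guid);
            sql = sql.AddParameterWithValue("user_id", Convert.ToString(user_id));

            DataRow dr = DbUtil.get_datarow(sql);

            string result = Email.send_email(
                (string)dr["us_email"],
                Util.get_setting("NotificationEmailFrom", ""),
                "", // cc
                "reset password",

                "Click to <a href='"
                + Util.get_setting("AbsoluteUrlPrefix", "")
                + "change_password.aspx?id="
                + guid
                + "'>reset password</a> for user \""
                + (string)dr["us_username"]
                + "\".",

                MailFormat.Html);

            if (result == "")
            {
                msg.InnerHtml = generic_msg;
            }
            else
            {
                msg.InnerHtml  = "There was a problem sending the email.";
                msg.InnerHtml += "<br>" + result;
            }
        }

        // Returns the us_id of the single user matching the given username and/or email,
        // or 0 when nothing or more than one row matches. At least one argument is non-empty.
        // Username-only lookups ignore users without an email address, since the reset
        // link could not be delivered to them.
        private static int find_single_user_id(string username, string email)
        {
            string where_clause;

            if (email != "" && username == "")
            {
                where_clause = "us_email = @email";
            }
            else if (email == "" && username != "")
            {
                where_clause = "isnull(us_email,'') != '' and  us_username = @username";
            }
            else
            {
                where_clause = "us_username = @username and us_email = @email";
            }

            // where_clause is one of the fixed literals above; user input only travels
            // through parameters.
            SQLString count_sql = new SQLString("select count(1) from users where " + where_clause);
            SQLString id_sql    = new SQLString("select us_id from users where " + where_clause);

            if (username != "")
            {
                count_sql.AddParameterWithValue("username", username);
                id_sql.AddParameterWithValue("username", username);
            }
            if (email != "")
            {
                count_sql.AddParameterWithValue("email", email);
                id_sql.AddParameterWithValue("email", email);
            }

            if ((int)DbUtil.execute_scalar(count_sql) != 1)
            {
                return 0;
            }

            return (int)DbUtil.execute_scalar(id_sql);
        }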
        ///////////////////////////////////////////////////////////////////////
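        /// <summary>
        /// Delete-attachment page. The caller must be an admin or allowed to edit/delete
        /// bugs and must have PermissionLevel.All on the bug named by Request["bug_id"].
        /// The attachment (Request["id"]) is only accepted when its bug_posts row belongs
        /// to that same bug, so a permission granted on one bug cannot be used to delete
        /// attachments of another. POST deletes the row(s) and the file; GET shows the
        /// confirmation link.
        /// </summary>
        protected void Page_Load(Object sender, EventArgs e)
        {
            Util.do_not_cache(Response);

            this.Master.Menu.SelectedItem = Util.get_setting("PluralBugLabel", "bugs");

            if (!(User.IsInRole(BtnetRoles.Admin) || User.Identity.GetCanEditAndDeleteBugs()))
            {
                Response.Write("You are not allowed to use this page.");
                Response.End();
                return;
            }

            string attachment_id_string = Util.sanitize_integer(Request["id"]);
            string bug_id_string        = Util.sanitize_integer(Request["bug_id"]);

            int permission_level = Bug.get_bug_permission_level(Convert.ToInt32(bug_id_string), User.Identity);

            if (permission_level != PermissionLevel.All)
            {
                Response.Write("You are not allowed to edit this item");
                Response.End();
                return;
            }

            // The permission check above covers bug_id only; require the attachment's post
            // to belong to that bug before doing anything with it.
            sql = new SQLString(@"select bp_file from bug_posts where bp_id = @ba and bp_bug = @bg");
            sql = sql.AddParameterWithValue("ba", attachment_id_string);
            sql = sql.AddParameterWithValue("bg", bug_id_string);

            DataRow dr = DbUtil.get_datarow(sql);

            if (dr == null)
            {
                Response.Write("Attachment not found for this "
                               + Util.get_setting("SingularBugLabel", "bug") + ".");
                Response.End();
                return;
            }

            // Convert.ToString maps a DBNull file name to "" rather than null.
            string filename = Convert.ToString(dr["bp_file"]);

            if (IsPostBack)
            {
                // delete the row representing the attachment (the file name was read above)
                sql = new SQLString(@"delete bug_post_attachments where bpa_post = @ba
            delete bug_posts where bp_id = @ba and bp_bug = @bg");
                sql = sql.AddParameterWithValue("ba", attachment_id_string);
                sql = sql.AddParameterWithValue("bg", bug_id_string);
                DbUtil.execute_nonquery(sql);

                // delete the file too
                string upload_folder = Util.get_upload_folder();
                if (upload_folder != null)
                {
                    // Only the leaf name from the database is used, so a stored name
                    // containing path separators cannot point outside the upload folder.
                    StringBuilder path = new StringBuilder(upload_folder);
                    path.Append("\\");
                    path.Append(bug_id_string);
                    path.Append("_");
                    path.Append(attachment_id_string);
                    path.Append("_");
                    path.Append(System.IO.Path.GetFileName(filename));
                    if (System.IO.File.Exists(path.ToString()))
                    {
                        System.IO.File.Delete(path.ToString());
                    }
                }

                Response.Redirect("edit_bug.aspx?id=" + bug_id_string);
            }
            else
            {
                Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - "
                                    + "delete attachment";

                back_href.HRef = "edit_bug.aspx?id=" + bug_id_string;

                confirm_href.InnerText = "confirm delete of attachment: " + filename;

                row_id.Value = attachment_id_string;
            }
        }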
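        /// <summary>
        /// Validates a login attempt for <paramref name="username"/> against the users table
        /// (or against LDAP when the "AuthenticateUsingLdap" setting is "1"), after applying a
        /// per-username failed-attempt limiter kept in <see cref="HttpRuntime.Cache"/>.
        /// </summary>
        /// <param name="username">Login name as typed by the user; untrusted input.</param>
        /// <param name="password">Password as typed by the user; only forwarded to the password checkers.</param>
        /// <returns>
        /// true when the user exists, is active, is not locked out by the failed-attempt limiter
        /// and the password check succeeds; false otherwise. The reason is written to the log.
        /// </returns>
        public static bool check_password(string username, string password)
        {
            // Parameterized lookup, consistent with the SQLString usage elsewhere in this file;
            // the earlier quote-doubling into an N'...' literal is no longer needed.
            SQLString sql = new SQLString(@"
select us_username, us_id, us_password, isnull(us_salt,0) us_salt, us_active
from users
where us_username = @username");
            sql = sql.AddParameterWithValue("username", username);

            DataRow dr = DbUtil.get_datarow(sql);

            if (dr == null)
            {
                Util.write_to_log("Unknown user " + username + " attempted to login.");
                return false;
            }

            int us_active = (int)dr["us_active"];

            if (us_active == 0)
            {
                Util.write_to_log("Inactive user " + username + " attempted to login.");
                return false;
            }

            // Too many failed attempts?
            // Only FailedLoginAttemptsAllowed failures within the last FailedLoginAttemptsMinutes are tolerated.
            // NOTE(review): the cache key is the bare username, so it shares the key space with every
            // other HttpRuntime.Cache entry, and the LinkedList is mutated without a lock; confirm that
            // concurrent login attempts for the same account are acceptable.
            LinkedList<DateTime> failed_attempts = (LinkedList<DateTime>)HttpRuntime.Cache[username];

            if (failed_attempts != null)
            {
                int minutes_ago             = Convert.ToInt32(Util.get_setting("FailedLoginAttemptsMinutes", "10"));
                int failed_attempts_allowed = Convert.ToInt32(Util.get_setting("FailedLoginAttemptsAllowed", "10"));

                // UtcNow: the window must not shrink or grow across a DST transition.
                DateTime n_minutes_ago = DateTime.UtcNow.AddMinutes(-1 * minutes_ago);

                // Drop attempts older than the window; the list is kept in insertion (time) order.
                while (failed_attempts.Count > 0 && failed_attempts.First.Value < n_minutes_ago)
                {
                    Util.write_to_log("removing stale failed attempt for " + username);
                    failed_attempts.RemoveFirst();
                }

                // how many failed attempts in last N minutes?
                Util.write_to_log("failed attempt count for " + username + ":" + Convert.ToString(failed_attempts.Count));

                // ">=": once the allowed number of failures has been recorded, refuse further attempts.
                // The previous ">" let one password more than FailedLoginAttemptsAllowed be tried.
                if (failed_attempts.Count >= failed_attempts_allowed)
                {
                    Util.write_to_log("Too many failed login attempts in too short a time period: " + username);
                    return false;
                }

                // Save the pruned list of attempts
                HttpRuntime.Cache[username] = failed_attempts;
            }

            bool authenticated;

            if (Util.get_setting("AuthenticateUsingLdap", "0") == "1")
            {
                authenticated = check_password_with_ldap(username, password);
            }
            else
            {
                authenticated = check_password_with_db(username, password, dr);
            }

            if (authenticated)
            {
                // A successful login resets the failure history.
                if (failed_attempts != null)
                {
                    failed_attempts.Clear();
                    HttpRuntime.Cache[username] = failed_attempts;
                }

                Util.update_most_recent_login_datetime((int)dr["us_id"]);
                return true;
            }

            // Record the failed attempt, creating the history on the first failure.
            if (failed_attempts == null)
            {
                failed_attempts = new LinkedList<DateTime>();
            }

            failed_attempts.AddLast(DateTime.UtcNow);
            HttpRuntime.Cache[username] = failed_attempts;

            return false;
        }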
        ///////////////////////////////////////////////////////////////////////
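        /// <summary>
        /// Edit an existing bug comment. Two gates apply: the caller must be an admin or hold the
        /// edit/delete-posts right, and must have more than read-only access to the bug that owns
        /// the post; only posts of type "comment" can be edited. On the first request the form is
        /// filled from the bug_posts row; on postback <c>on_update</c> saves it.
        /// </summary>
        protected void Page_Load(Object sender, EventArgs e)
        {
            Master.Menu.SelectedItem = Util.get_setting("PluralBugLabel", "bugs");
            Util.do_not_cache(Response);

            // Page-level gate: admins, or users explicitly granted edit/delete on posts.
            if (!(User.IsInRole(BtnetRoles.Admin) || User.Identity.GetCanEditAndDeletePosts()))
            {
                Response.Write("You are not allowed to use this page.");
                Response.End();
            }

            Page.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - "
                         + "edit comment";

            msg.InnerText = "";

            // Request["id"] searches query string, form, cookies and server variables.
            // A non-integer value is refused here instead of surfacing as a FormatException.
            int parsed_id;
            if (!int.TryParse(Request["id"], out parsed_id))
            {
                Response.Write("You are not allowed to edit this item");
                Response.End();
            }
            id = parsed_id;

            if (!IsPostBack)
            {
                sql = new SQLString(@"select bp_comment, bp_type,
        isnull(bp_comment_search,bp_comment) bp_comment_search,
        isnull(bp_content_type,'') bp_content_type,
        bp_bug, bp_hidden_from_external_users
        from bug_posts where bp_id = @id");
            }
            else
            {
                sql = new SQLString(@"select bp_bug, bp_type,
        isnull(bp_content_type,'') bp_content_type,
        bp_hidden_from_external_users
        from bug_posts where bp_id = @id");
            }

            sql = sql.AddParameterWithValue("id", Convert.ToString(id));
            DataRow dr = DbUtil.get_datarow(sql);

            // Unknown post id: deny rather than dereference a null row.
            if (dr == null)
            {
                Response.Write("You are not allowed to edit this item");
                Response.End();
            }

            bugid = (int)dr["bp_bug"];

            // Per-bug gate: more than read access on the owning bug, and only "comment" posts.
            int permission_level = Bug.get_bug_permission_level(bugid, User.Identity);

            if (permission_level == PermissionLevel.None ||
                permission_level == PermissionLevel.ReadOnly ||
                (string)dr["bp_type"] != "comment")
            {
                Response.Write("You are not allowed to edit this item");
                Response.End();
            }

            string content_type = (string)dr["bp_content_type"];

            // Rich editor only for HTML comments, for users who opted in, unless globally disabled.
            use_fckeditor = User.Identity.GetUseFCKEditor()
                            && content_type == "text/html"
                            && Util.get_setting("DisableFCKEditor", "0") == "0";

            // External users never see the internal-only flag; nobody does while the feature is off.
            if (User.Identity.GetIsExternalUser() || Util.get_setting("EnableInternalOnlyPosts", "0") == "0")
            {
                internal_only.Visible       = false;
                internal_only_label.Visible = false;
            }

            if (!IsPostBack)
            {
                internal_only.Checked = Convert.ToBoolean((int)dr["bp_hidden_from_external_users"]);

                // The rich editor gets the stored HTML; the plain textarea gets the searchable text form.
                if (use_fckeditor)
                {
                    comment.Value = (string)dr["bp_comment"];
                }
                else
                {
                    comment.Value = (string)dr["bp_comment_search"];
                }
            }
            else
            {
                on_update();
            }
        }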
        ///////////////////////////////////////////////////////////////////////
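        /// <summary>
        /// Resolves the current user from the "se_id" session cookie (or from the guest account
        /// when "AllowGuestWithoutLogin" is "1"), fills <c>user</c> from the matching row, and
        /// redirects to the login page when nothing matches or when <paramref name="level"/>
        /// demands more than the resolved user has.
        /// </summary>
        /// <param name="asp_net_context">Current request context; Request, Response and Session are taken from it.</param>
        /// <param name="level">
        /// MUST_BE_ADMIN, ANY_USER_OK_EXCEPT_GUEST or MUST_BE_ADMIN_OR_PROJECT_ADMIN; any other
        /// value accepts every resolved user.
        /// </param>
        public void check_security(HttpContext asp_net_context, int level)
        {
            Util.set_context(asp_net_context);
            HttpRequest  Request  = asp_net_context.Request;
            HttpResponse Response = asp_net_context.Response;
            HttpCookie   cookie   = Request.Cookies["se_id"];

            // This logic allows somebody to put a link in an email, like
            // edit_bug.aspx?id=66
            // The user would click on the link, go to the logon page (default.aspx),
            // and then after logging in continue on to edit_bug.aspx?id=66
            // ToLowerInvariant: the suffix check below must not depend on the thread culture.
            string original_url         = Request.ServerVariables["URL"].ToString().ToLowerInvariant();
            string original_querystring = Request.ServerVariables["QUERY_STRING"].ToString().ToLowerInvariant();

            string target = "default.aspx";

            if (original_url.EndsWith("mbug.aspx", StringComparison.Ordinal))
            {
                target = "mlogin.aspx";
            }

            // Both values are query-string parameters of the login page, so both are encoded;
            // previously the path went in raw and could carry a stray '&' or '=' into the target.
            target += "?url=" + HttpUtility.UrlEncode(original_url) + "&qs=" + HttpUtility.UrlEncode(original_querystring);

            DataRow dr = null;

            if (cookie == null)
            {
                if (Util.get_setting("AllowGuestWithoutLogin", "0") == "0")
                {
                    Util.write_to_log("se_id cookie is null, so redirecting");
                    Response.Redirect(target);
                }
            }
            else
            {
                // The cookie value is untrusted; it only ever reaches SQL as a parameter below,
                // so no quote-doubling is applied to it any more.
                string se_id   = cookie.Value;
                int    user_id = 0;
                object obj     = asp_net_context.Session[se_id];
                if (obj != null)
                {
                    user_id = Convert.ToInt32(obj);
                }
                // NOTE(review): user_id is read from the session but never compared with the us_id
                // returned below; confirm whether the cookie is meant to be bound to the session.

                // check for existing session for active user
                string session_sql = @"
/* check session */
declare @project_admin int
select @project_admin = count(1)
	from sessions
	inner join project_user_xref on pu_user = se_user
	and pu_admin = 1
	where se_id = @se;

select us_id, us_admin,
us_username, us_firstname, us_lastname,
isnull(us_email,'') us_email,
isnull(us_bugs_per_page,10) us_bugs_per_page,
isnull(us_forced_project,0) us_forced_project,
us_use_fckeditor,
us_enable_bug_list_popups,
og.*,
isnull(us_forced_project, 0 ) us_forced_project,
isnull(pu_permission_level, $dpl) pu_permission_level,
@project_admin [project_admin]
from sessions
inner join users on se_user = us_id
inner join orgs og on us_org = og_id
left outer join project_user_xref
	on pu_project = us_forced_project
	and pu_user = us_id
where se_id = @se
and us_active = 1";

                // $dpl is an admin-controlled setting, substituted as a numeric literal as elsewhere
                // in this file; the cookie value is bound as a parameter.
                session_sql = session_sql.Replace("$dpl", Util.get_setting("DefaultPermissionLevel", "2"));
                SQLString sql = new SQLString(session_sql);
                sql = sql.AddParameterWithValue("se", se_id);
                dr  = DbUtil.get_datarow(sql);
            }

            if (dr == null)
            {
                if (Util.get_setting("AllowGuestWithoutLogin", "0") == "1")
                {
                    // allow users in, even without logging on.
                    // The user will have the permissions of the "guest" user.
                    string guest_sql = @"
/* get guest  */
select us_id, us_admin,
us_username, us_firstname, us_lastname,
isnull(us_email,'') us_email,
isnull(us_bugs_per_page,10) us_bugs_per_page,
isnull(us_forced_project,0) us_forced_project,
us_use_fckeditor,
us_enable_bug_list_popups,
og.*,
isnull(us_forced_project, 0 ) us_forced_project,
isnull(pu_permission_level, $dpl) pu_permission_level,
0 [project_admin]
from users
inner join orgs og on us_org = og_id
left outer join project_user_xref
	on pu_project = us_forced_project
	and pu_user = us_id
where us_username = '******'
and us_active = 1";

                    guest_sql = guest_sql.Replace("$dpl", Util.get_setting("DefaultPermissionLevel", "2"));
                    dr        = DbUtil.get_datarow(guest_sql);
                }
            }

            // no previous session, no guest login allowed
            if (dr == null)
            {
                Util.write_to_log("no previous session, no guest login allowed");
                Response.Redirect(target);
            }
            else
            {
                user.set_from_db(dr);
            }

            // Remember the cookie so pages can compare it against the "ses" query-string value.
            if (cookie != null)
            {
                asp_net_context.Session["session_cookie"] = cookie.Value;
            }
            else
            {
                Util.write_to_log("blanking cookie");
                asp_net_context.Session["session_cookie"] = "";
            }

            // Role requirement of the calling page.
            if (level == MUST_BE_ADMIN && !user.is_admin)
            {
                Util.write_to_log("must be admin, redirecting");
                Response.Redirect("default.aspx");
            }
            else if (level == ANY_USER_OK_EXCEPT_GUEST && user.is_guest)
            {
                Util.write_to_log("cant be guest, redirecting");
                Response.Redirect("default.aspx");
            }
            else if (level == MUST_BE_ADMIN_OR_PROJECT_ADMIN && !user.is_admin && !user.is_project_admin)
            {
                Util.write_to_log("must be project admin, redirecting");
                Response.Redirect("default.aspx");
            }

            if (Util.get_setting("WindowsAuthentication", "0") == "1")
            {
                auth_method = "windows";
            }
            else
            {
                auth_method = "plain";
            }
        }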
        ///////////////////////////////////////////////////////////////////////
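        /// <summary>
        /// Create or edit a saved report. Saved reports carry SQL text (rp_sql), so the page is
        /// limited to admins and users explicitly granted report editing. A missing "id" query
        /// string value means "create"; otherwise the existing report is loaded into the form on
        /// the first request, and on postback <c>on_update</c> saves it.
        /// </summary>
        protected void Page_Load(Object sender, EventArgs e)
        {
            Util.do_not_cache(Response);

            if (!(User.IsInRole(BtnetRoles.Admin) || User.Identity.GetCanEditReports()))
            {
                Response.Write("You are not allowed to use this page.");
                Response.End();
            }
            Master.Menu.SelectedItem = "reports";
            Page.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - "
                         + "edit report";

            msg.InnerText = "";

            // No id means "create"; a non-numeric id still fails as before (Convert throws).
            string id_string = Request.QueryString["id"];
            id = id_string == null ? 0 : Convert.ToInt32(id_string);

            if (IsPostBack)
            {
                on_update();
                return;
            }

            // add or edit?
            if (id == 0)
            {
                sub.Value      = "Create";
                sql_text.Value = Request.Form["sql_text"]; // if coming from search.aspx
                table.Checked  = true;
                return;
            }

            sub.Value = "Update";

            // Get this entry's data from the db and fill in the form
            sql = new SQLString(@"select
				rp_desc, rp_sql, rp_chart_type
				from reports where rp_id = @rpid");
            sql = sql.AddParameterWithValue("rpid", Convert.ToString(id));
            DataRow dr = DbUtil.get_datarow(sql);

            // Unknown report id: report it instead of dereferencing a null row.
            if (dr == null)
            {
                Response.Write("Report not found.");
                Response.End();
            }

            // Fill in this form
            desc.Value     = (string)dr["rp_desc"];
            sql_text.Value = (string)dr["rp_sql"];

            // Anything other than the three chart types renders as a table.
            switch ((string)dr["rp_chart_type"])
            {
            case "pie":
                pie.Checked = true;
                break;

            case "bar":
                bar.Checked = true;
                break;

            case "line":
                line.Checked = true;
                break;

            default:
                table.Checked = true;
                break;
            }
        }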
        ///////////////////////////////////////////////////////////////////////
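        /// <summary>
        /// Finds the users row an incoming email should be attributed to. Normally that is
        /// <paramref name="username"/>. When <paramref name="username"/> equals the account named
        /// by the "CreateUserFromEmailAddressIfThisUsername" setting and a sender address is known,
        /// the sender's simplified address becomes the username instead, and a user is created for
        /// it via <c>User.copy_user</c> if none exists yet.
        /// </summary>
        /// <param name="mime_message">Parsed message, or null; when present its From header is preferred over <paramref name="from_addr"/>.</param>
        /// <param name="from_addr">Sender address as extracted by btnet_service.exe; may be null or empty.</param>
        /// <param name="username">Account the service is posting as.</param>
        /// <returns>The matching users row joined to orgs, or null when no row matches.</returns>
        public static DataRow get_user_datarow_maybe_using_from_addr(SharpMimeMessage mime_message, string from_addr, string username)
        {
            string btnet_service_username = Util.get_setting("CreateUserFromEmailAddressIfThisUsername", "");

            // Only the configured service account may be swapped for the sender. An unset (empty)
            // setting must never match, otherwise an empty username would trigger user creation.
            bool substitute_sender = !string.IsNullOrEmpty(btnet_service_username)
                                     && username == btnet_service_username
                                     && !string.IsNullOrEmpty(from_addr);

            if (!substitute_sender)
            {
                // Use the btnet_service.exe user as the username
                return get_user_datarow_by_username(username);
            }

            // We can do a better job of parsing the from_addr here than we did in btnet_service.exe
            if (mime_message != null && !string.IsNullOrEmpty(mime_message.Header.From))
            {
                from_addr = SharpMimeTools.parserfc2047Header(mime_message.Header.From);

                // handle multiline from
                from_addr = from_addr.Replace("\t", " ");
            }

            // See if there's already a username that matches this email address
            username = Email.simplify_email_address(from_addr);

            // We may find an existing user for this address; use that instead of the btnet_service.exe user
            DataRow dr = get_user_datarow_by_username(username);

            if (dr == null)
            {
                // No such user yet: create one, using the email address as the username.
                bool use_domain_as_org_name = Util.get_setting("UseEmailDomainAsNewOrgNameWhenCreatingNewUser", "0") == "1";

                // NOTE(review): a GUID serves as an unguessable throwaway password; a value derived
                // from RandomNumberGenerator would be the documented choice for that — confirm.
                User.copy_user(
                    username,
                    username,
                    "", "", "",                // first, last, signature
                    0,                         // salt
                    Guid.NewGuid().ToString(), // random value for password,
                    Util.get_setting("CreateUsersFromEmailTemplate", "[error - missing user template]"),
                    use_domain_as_org_name);

                // now that we have created a user, try again
                dr = get_user_datarow_by_username(username);
            }

            return dr;
        }

        /// <summary>
        /// Fetches the users/orgs row for an exact username, or null when none matches.
        /// The name is bound as a parameter because it may come straight from a mail header.
        /// </summary>
        private static DataRow get_user_datarow_by_username(string name)
        {
            SQLString sql = new SQLString(@"
select us_id, us_admin, us_username, us_org, og_other_orgs_permission_level, isnull(us_forced_project,0) us_forced_project
from users
inner join orgs on us_org = og_id
where us_username = @us");
            sql = sql.AddParameterWithValue("us", name);
            return DbUtil.get_datarow(sql);
        }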