Exemplo n.º 1
        //*************************************************************
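        /// <summary>
        /// Sends the configured auto-reply text back to the address an incoming
        /// email was received from.
        /// </summary>
        /// <param name="bugid">Bug id; substituted for <c>$BUGID$</c> in the reply text and appended to the subject.</param>
        /// <param name="from_addr">Sender of the incoming email. Treated as untrusted: it is used as the recipient of the reply.</param>
        /// <param name="short_desc">Text used as the start of the outgoing subject.</param>
        /// <param name="projectid">Project whose <c>pj_pop3_email_from</c> value is used as the reply's "from" address.</param>
        public static void auto_reply(int bugid, string from_addr, string short_desc, int projectid)
        {
            string auto_reply_text = Util.get_setting("AutoReplyText", "");

            // An empty AutoReplyText setting turns the feature off.
            if (auto_reply_text == "")
            {
                return;
            }

            // Without a sender address there is nobody to reply to, and the
            // comparison and Replace calls below would throw on null.
            if (string.IsNullOrEmpty(from_addr))
            {
                Util.write_to_log("skipping auto reply because from address is blank");
                return;
            }

            auto_reply_text = auto_reply_text.Replace("$BUGID$", Convert.ToString(bugid));


            // Textual substitution is acceptable here only because projectid is an
            // int; a string value must never be spliced into SQL this way.
            string sql = @"select
						pj_pop3_email_from
						from projects
						where pj_id = $pj"                        ;

            sql = sql.Replace("$pj", Convert.ToString(projectid));

            object project_email = DbUtil.execute_scalar(sql);

            if (project_email == null)
            {
                Util.write_to_log("skipping auto reply because project email is blank");
                return;
            }

            string project_email_string = Convert.ToString(project_email);

            if (project_email_string == "")
            {
                Util.write_to_log("skipping auto reply because project email is blank");
                return;
            }

            // To avoid an infinite loop of replying to emails and then having to reply to the replies!
            // Ordinal comparison keeps this guard independent of the server's culture.
            // NOTE(review): this is a whole-string match; if from_addr can arrive with a
            // display name ("Name <addr>") the guard will not trigger - confirm with the caller.
            if (string.Equals(project_email_string, from_addr, StringComparison.OrdinalIgnoreCase))
            {
                Util.write_to_log("skipping auto reply because from address is same as project email:" + project_email_string);
                return;
            }

            string outgoing_subject = short_desc + "  ("
                                      + Util.get_setting("TrackingIdString", "DO NOT EDIT THIS:")
                                      + Convert.ToString(bugid) + ")";

            // A subject is a single header line; drop any line breaks carried in
            // short_desc so they cannot add or split mail headers.
            outgoing_subject = outgoing_subject.Replace("\r", " ").Replace("\n", " ");

            bool use_html_format = (Util.get_setting("AutoReplyUseHtmlEmailFormat", "0") == "1");

            // commas cause trouble
            string cleaner_from_addr = from_addr.Replace(",", " ");

            Email.send_email(      // 6 args
                cleaner_from_addr, // we are responding TO the address we just received email FROM
                project_email_string,
                "",                // cc
                outgoing_subject,
                auto_reply_text,
                use_html_format ? BtnetMailFormat.Html : BtnetMailFormat.Text);
        }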
Exemplo n.º 2
        ///////////////////////////////////////////////////////////////////////
        // Send the emails in the queue
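        /// <summary>
        /// Sends every row of <c>queued_notifications</c> that is still marked
        /// 'not sent' and has fewer than three retries. A row is deleted when the
        /// send reports no error; otherwise its retry counter is incremented and
        /// the error text is stored in <c>qn_last_exception</c>.
        /// </summary>
        protected static void actually_send_the_emails()
        {
            btnet.Util.write_to_log("actually_send_the_emails");

            var pending_sql = new SQLString(@"select * from queued_notifications where qn_status = N'not sent' and qn_retries < 3");

            // get the pending notifications
            DataSet ds = btnet.DbUtil.get_dataset(pending_sql);

            foreach (DataRow dr in ds.Tables[0].Rows)
            {
                string err = "";

                try
                {
                    string to = (string)dr["qn_to"];

                    btnet.Util.write_to_log("sending email to " + to);

                    // try to send it; send_email returns "" when nothing went wrong
                    err = Email.send_email(
                        to,
                        (string)dr["qn_from"],
                        "", // cc
                        (string)dr["qn_subject"],
                        (string)dr["qn_body"],
                        MailFormat.Html);
                }
                catch (Exception e)
                {
                    err = e.Message;
                    if (e.InnerException != null)
                    {
                        err += "; ";
                        err += e.InnerException.Message;
                    }
                }

                // A fresh statement per row: either remove the row or record the failure.
                SQLString follow_up;

                if (err == "")
                {
                    follow_up = new SQLString("delete from queued_notifications where qn_id = @qn_id");
                }
                else
                {
                    follow_up = new SQLString("update queued_notifications  set qn_retries = qn_retries + 1, qn_last_exception = @ex where qn_id = @qn_id");

                    // The error text is passed as a parameter value, so it is stored
                    // as-is. Doubling the single quotes here as well would only
                    // corrupt the saved message.
                    // NOTE(review): this relies on SQLString binding values rather than
                    // splicing them into the statement text - confirm in SQLString/DbUtil.
                    follow_up = follow_up.AddParameterWithValue("@ex", err);
                }

                follow_up = follow_up.AddParameterWithValue("qn_id", Convert.ToString(dr["qn_id"]));

                // update the row or delete the row
                btnet.DbUtil.execute_nonquery(follow_up);
            }
        }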
Exemplo n.º 3
        ///////////////////////////////////////////////////////////////////////
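        /// <summary>
        /// Handles the "send email" form: records the outgoing message as a
        /// <c>bug_posts</c> row, touches the bug's last-updated fields, stores
        /// attachments, sends the mail and then raises notifications.
        /// On a successful send the browser is redirected to the bug; otherwise
        /// the error text returned by <c>Email.send_email</c> is shown in <c>msg</c>.
        /// </summary>
        void on_update()
        {
            if (!validate())
            {
                return;
            }

            // NOTE(review): the post is stored with bp_type 'sent' before the mail is
            // handed to Email.send_email, so a failed send still leaves a 'sent' row.
            sql = new SQLString(@"
insert into bug_posts
	(bp_bug, bp_user, bp_date, bp_comment, bp_comment_search, bp_email_from, bp_email_to, bp_type, bp_content_type, bp_email_cc)
	values(@id, @us, getdate(), @cm, @cs, @fr,  @to, 'sent', @ct, @cc);
select scope_identity()
update bugs set
	bg_last_updated_user = @us,
	bg_last_updated_date = getdate()
	where bg_id = @id"    );

            bool use_html_editor = User.Identity.GetUseFCKEditor();

            sql = sql.AddParameterWithValue("id", bg_id.Value);
            sql = sql.AddParameterWithValue("us", Convert.ToString(User.Identity.GetUserId()));
            if (use_html_editor)
            {
                // This comment is stored as text/html, so the subject line, which is
                // plain text typed by the user, is HTML-encoded before it is placed
                // next to the sanitised body. Without this, markup typed into the
                // subject would be stored and later rendered as HTML.
                string adjusted_body = "Subject: " + HttpUtility.HtmlEncode(subject.Value) + "<br><br>";
                adjusted_body += btnet.Util.strip_dangerous_tags(body.Value);

                sql = sql.AddParameterWithValue("cm", adjusted_body);
                sql = sql.AddParameterWithValue("cs", adjusted_body);
                sql = sql.AddParameterWithValue("ct", "text/html");
            }
            else
            {
                string adjusted_body = "Subject: " + subject.Value + "\n\n";
                adjusted_body += HttpUtility.HtmlDecode(body.Value);

                sql = sql.AddParameterWithValue("cm", adjusted_body);
                sql = sql.AddParameterWithValue("cs", adjusted_body);
                sql = sql.AddParameterWithValue("ct", "text/plain");
            }
            sql = sql.AddParameterWithValue("fr", from.SelectedItem.Value);
            sql = sql.AddParameterWithValue("to", to.Value);
            sql = sql.AddParameterWithValue("cc", cc.Value);

            // scope_identity() gives the id of the bug_posts row just inserted.
            int comment_id = Convert.ToInt32(btnet.DbUtil.execute_scalar(sql));

            int[] attachments = handle_attachments(comment_id);

            string       body_text;
            MailFormat   format;
            MailPriority priority;

            // Anything other than "High" or "Low" is sent with normal priority.
            switch (prior.SelectedItem.Value)
            {
            case "High":
                priority = MailPriority.High;
                break;

            case "Low":
                priority = MailPriority.Low;
                break;

            default:
                priority = MailPriority.Normal;
                break;
            }

            if (include_bug.Checked)
            {
                // white space isn't handled well, I guess.
                if (use_html_editor)
                {
                    // Send the same sanitised HTML that was stored above, so the
                    // recipient never receives markup the tracker itself rejected.
                    body_text  = btnet.Util.strip_dangerous_tags(body.Value);
                    body_text += "<br><br>";
                }
                else
                {
                    body_text = body.Value.Replace("\n", "<br>");
                    body_text = body_text.Replace("\t", "&nbsp;&nbsp;&nbsp;&nbsp;");
                    body_text = body_text.Replace("  ", "&nbsp; ");
                }
                body_text += "<hr>" + get_bug_text(Convert.ToInt32(bg_id.Value));

                format = MailFormat.Html;
            }
            else
            {
                if (use_html_editor)
                {
                    body_text = btnet.Util.strip_dangerous_tags(body.Value);
                    format    = MailFormat.Html;
                }
                else
                {
                    body_text = HttpUtility.HtmlDecode(body.Value);
                    format = MailFormat.Text;
                }
            }

            string result = Email.send_email( // 9 args
                to.Value,
                from.SelectedItem.Value,
                cc.Value,
                subject.Value,
                body_text,
                format,
                priority,
                attachments,
                return_receipt.Checked);

            // These run whether or not the send reported an error.
            btnet.Bug.send_notifications(btnet.Bug.UPDATE, Convert.ToInt32(bg_id.Value), User.Identity);
            btnet.WhatsNew.add_news(Convert.ToInt32(bg_id.Value), short_desc.Value, "email sent", User.Identity);

            if (result == "")
            {
                Response.Redirect("edit_bug.aspx?id=" + bg_id.Value);
            }
            else
            {
                // InnerText is HTML-encoded on output, so the error text is shown literally.
                msg.InnerText = result;
            }
        }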
Exemplo n.º 4
        ///////////////////////////////////////////////////////////////////////
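        /// <summary>
        /// "Forgot password" page. On postback it looks up exactly one user by
        /// username, email, or both, records a one-time link id in
        /// <c>emailed_links</c> and mails a reset link to the address stored
        /// for that user.
        /// </summary>
        /// <param name="sender">Unused.</param>
        /// <param name="e">Unused.</param>
        public void Page_Load(Object sender, EventArgs e)
        {
            Util.set_context(HttpContext.Current);
            Util.do_not_cache(Response);

            if (Util.get_setting("ShowForgotPasswordLink", "0") == "0")
            {
                Response.Write("Sorry, Web.config ShowForgotPasswordLink is set to 0");
                Response.End();
            }

            if (!IsPostBack)
            {
                Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - "
                                    + "forgot password";
            }
            else
            {
                msg.InnerHtml = "";

                if (email.Value == "" && username.Value == "")
                {
                    msg.InnerHtml = "Enter either your Username or your Email address.";
                }
                else if (email.Value != "" && !Util.validate_email(email.Value))
                {
                    msg.InnerHtml = "Format of email address is invalid.";
                }
                else
                {
                    int user_count = 0;
                    int user_id    = 0;

                    // The return value of AddParameterWithValue is assigned back
                    // everywhere, matching how the insert statement below uses it.
                    if (email.Value != "" && username.Value == "")
                    {
                        // look up by email only
                        SQLString sql = new SQLString("select count(1) from users where us_email = @email");
                        sql = sql.AddParameterWithValue("email", email.Value);
                        user_count = (int)DbUtil.execute_scalar(sql);

                        if (user_count == 1)
                        {
                            sql = new SQLString("select us_id from users where us_email = @email");
                            sql = sql.AddParameterWithValue("email", email.Value);
                            user_id = (int)DbUtil.execute_scalar(sql);
                        }
                    }
                    else if (email.Value == "" && username.Value != "")
                    {
                        // look up by username only; the user must have an email on file
                        SQLString sql = new SQLString(
                            "select count(1) from users where isnull(us_email,'') != '' and  us_username = @username");
                        sql = sql.AddParameterWithValue("username", username.Value);
                        user_count = (int)DbUtil.execute_scalar(sql);

                        if (user_count == 1)
                        {
                            sql = new SQLString("select us_id from users where us_username = @username");
                            sql = sql.AddParameterWithValue("username", username.Value);
                            user_id = (int)DbUtil.execute_scalar(sql);
                        }
                    }
                    else if (email.Value != "" && username.Value != "")
                    {
                        // look up by username and email together
                        SQLString sql = new SQLString(
                            "select count(1) from users where us_username = @username and us_email = @email");
                        sql = sql.AddParameterWithValue("username", username.Value);
                        sql = sql.AddParameterWithValue("email", email.Value);
                        user_count = (int)DbUtil.execute_scalar(sql);

                        if (user_count == 1)
                        {
                            sql = new SQLString(
                                "select us_id from users where us_username = @username and us_email = @email");
                            sql = sql.AddParameterWithValue("username", username.Value);
                            sql = sql.AddParameterWithValue("email", email.Value);
                            user_id = (int)DbUtil.execute_scalar(sql);
                        }
                    }


                    if (user_count == 1)
                    {
                        // NOTE(review): the link id is the only secret in the reset link.
                        // Guid.NewGuid() is documented as a unique identifier, not as a
                        // cryptographic token; consider a CSPRNG-backed value and an
                        // expiry check on el_date where the link is consumed.
                        string guid = Guid.NewGuid().ToString();
                        var    sql  = new SQLString(@"
declare @username nvarchar(255)
declare @email nvarchar(255)

select @username = us_username, @email = us_email
	from users where us_id = @user_id

insert into emailed_links
	(el_id, el_date, el_email, el_action, el_user_id)
	values (@guid, getdate(), @email, N'forgot', @user_id)

select @username us_username, @email us_email");

                        sql = sql.AddParameterWithValue("guid", guid);
                        sql = sql.AddParameterWithValue("user_id", Convert.ToString(user_id));

                        DataRow dr = DbUtil.get_datarow(sql);

                        // The mail always goes to the address stored for the user,
                        // never to the address typed into the form.
                        string result = Email.send_email(
                            (string)dr["us_email"],
                            Util.get_setting("NotificationEmailFrom", ""),
                            "", // cc
                            "reset password",

                            "Click to <a href='"
                            + Util.get_setting("AbsoluteUrlPrefix", "")
                            + "change_password.aspx?id="
                            + guid
                            + "'>reset password</a> for user \""
                            // the body is HTML, so the stored username is encoded
                            + HttpUtility.HtmlEncode((string)dr["us_username"])
                            + "\".",

                            MailFormat.Html);

                        if (result == "")
                        {
                            msg.InnerHtml = "An email with password info has been sent to you.";
                        }
                        else
                        {
                            // The mailer's error text is not HTML; encode it before it
                            // is written into the page.
                            // NOTE(review): this page is reachable without logging in;
                            // consider logging the detail instead of displaying it.
                            msg.InnerHtml  = "There was a problem sending the email.";
                            msg.InnerHtml += "<br>" + HttpUtility.HtmlEncode(result);
                        }
                    }
                    else
                    {
                        // NOTE(review): answering differently for known and unknown accounts
                        // lets a visitor test which usernames and emails exist; a single
                        // neutral response for both cases would avoid that.
                        msg.InnerHtml = "Unknown username or email address.<br>Are you sure you spelled everything correctly?<br>Try just username, just email, or both.";
                    }
                }
            }
        }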
Exemplo n.º 5
        ///////////////////////////////////////////////////////////////////////
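        /// <summary>
        /// Self-registration page. On a valid postback it stores the pending
        /// registration (with a salted password hash) in <c>emailed_links</c>
        /// and mails a confirmation link to the address that was entered.
        /// </summary>
        /// <param name="sender">Unused.</param>
        /// <param name="e">Unused.</param>
        public void Page_Load(Object sender, EventArgs e)
        {
            Util.set_context(HttpContext.Current);
            Util.do_not_cache(Response);

            if (Util.get_setting("AllowSelfRegistration", "0") == "0")
            {
                Response.Write("Sorry, Web.config AllowSelfRegistration is set to 0");
                Response.End();
            }

            if (!IsPostBack)
            {
                titl.InnerText = Util.get_setting("AppTitle", "BugTracker.NET") + " - "
                                 + "register";
            }
            else
            {
                msg.InnerHtml           = "&nbsp;";
                username_err.InnerHtml  = "&nbsp;";
                email_err.InnerHtml     = "&nbsp;";
                password_err.InnerHtml  = "&nbsp;";
                confirm_err.InnerHtml   = "&nbsp;";
                firstname_err.InnerHtml = "&nbsp;";
                lastname_err.InnerHtml  = "&nbsp;";

                bool valid = validate();

                if (!valid)
                {
                    msg.InnerHtml = "Registration was not submitted.";
                }
                else
                {
                    // NOTE(review): Guid.NewGuid() is documented as a unique identifier,
                    // not a cryptographic token; this id is the only secret in the
                    // confirmation link.
                    string guid = Guid.NewGuid().ToString();

                    // Hash the password with a per-registration salt.
                    // NOTE(review): System.Random is not a cryptographic generator and
                    // the range gives fewer than 90,000 distinct salts. The salt format
                    // is left unchanged because el_salt's type is not visible here.
                    Random random    = new Random();
                    int    salt      = random.Next(10000, 99999);
                    string encrypted = Util.HashString(password.Value, Convert.ToString(salt));


                    var sql = new SQLString(@"
insert into emailed_links
	(el_id, el_date, el_email, el_action,
		el_username, el_salt, el_password, el_firstname, el_lastname)
	values (@guid, getdate(), @email, @register,
		@username, @salt, @password, @firstname, @lastname)"        );

                    sql = sql.AddParameterWithValue("guid", guid);
                    // The statement references @register, so it has to be supplied or
                    // the insert cannot run.
                    // NOTE(review): the value "register" is assumed by analogy with an
                    // action name stored as a literal; confirm against the page that
                    // reads el_action.
                    sql = sql.AddParameterWithValue("register", "register");
                    sql = sql.AddParameterWithValue("password", encrypted);
                    sql = sql.AddParameterWithValue("salt", Convert.ToString(salt));
                    sql = sql.AddParameterWithValue("username", username.Value);
                    sql = sql.AddParameterWithValue("email", email.Value);
                    sql = sql.AddParameterWithValue("firstname", firstname.Value);
                    // Passed as a parameter value like the other fields; doubling the
                    // quotes here would store "O''Brien" instead of "O'Brien".
                    sql = sql.AddParameterWithValue("lastname", lastname.Value);

                    btnet.DbUtil.execute_nonquery(sql);

                    string result = Email.send_email(
                        email.Value,
                        Util.get_setting("NotificationEmailFrom", ""),
                        "", // cc
                        "Please complete registration",

                        "Click to <a href='"
                        + Util.get_setting("AbsoluteUrlPrefix", "")
                        + "complete_registration.aspx?id="
                        + guid
                        + "'>complete registration</a>.",

                        MailFormat.Html);

                    if (result == "")
                    {
                        // email.Value is user input written into InnerHtml, so it is encoded.
                        msg.InnerHtml  = "An email has been sent to " + HttpUtility.HtmlEncode(email.Value);
                        msg.InnerHtml += "<br>Please click on the link in the email message to complete registration.";
                    }
                    else
                    {
                        // Do not claim success when the mailer reported an error.
                        // NOTE(review): this page is reachable without logging in;
                        // consider logging the detail instead of displaying it.
                        msg.InnerHtml  = "There was a problem sending the email.";
                        msg.InnerHtml += "<br>" + HttpUtility.HtmlEncode(result);
                    }
                }
            }
        }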
Exemplo n.º 6
        /*
         * Copyright 2002 Corey Trager
         * Distributed under the terms of the GNU General Public License
         */

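        /// <summary>
        /// Application-wide handler for unhandled exceptions. Depending on the
        /// <c>LogEnabled</c> and <c>ErrorEmailEnabled</c> settings it appends the
        /// exception and the request's server variables to the log file and/or
        /// mails them to the <c>ErrorEmailTo</c> address.
        /// </summary>
        /// <param name="sender">Unused.</param>
        /// <param name="e">Unused.</param>
        public void Application_Error(Object sender, EventArgs e)
        {
            // Put the server vars into a string
            var server_vars_string = new StringBuilder();

            // Values that carry credentials or session tokens must not be copied
            // into log files or emails. ALL_HTTP and ALL_RAW repeat every request
            // header, cookies included, so they are left out as well.
            string[] sensitive_keys = { "HTTP_COOKIE", "HTTP_AUTHORIZATION", "ALL_HTTP", "ALL_RAW" };

            NameValueCollection coll = Request.ServerVariables;

            foreach (string key in coll.AllKeys)
            {
                if (key == null)
                {
                    continue;
                }

                if (key.StartsWith("AUTH_PASSWORD", StringComparison.Ordinal)
                    || Array.IndexOf(sensitive_keys, key.ToUpperInvariant()) >= 0)
                {
                    continue;
                }

                // Only the first value of each variable is recorded, and empty
                // values are left out.
                String[] values = coll.GetValues(key);
                if (values == null || values.Length == 0 || string.IsNullOrEmpty(values[0]))
                {
                    continue;
                }

                server_vars_string.Append("\n");
                server_vars_string.Append(key);
                server_vars_string.Append("=");
                server_vars_string.Append(values[0]);
            }


            // GetLastError() returns null when there is no pending error; there is
            // nothing to report in that case.
            Exception last_error = Server.GetLastError();
            if (last_error == null)
            {
                return;
            }

            Exception exc = last_error.GetBaseException();

            bool log_enabled = (Util.get_setting("LogEnabled", "1") == "1");

            if (log_enabled)
            {
                string path = Util.get_log_file_path();

                // "using" closes the file even if one of the writes throws.
                using (StreamWriter w = File.AppendText(path))
                {
                    w.WriteLine("\nTIME: " + DateTime.Now.ToLongTimeString());
                    w.WriteLine("MSG: " + exc.Message);
                    w.WriteLine("URL: " + Request.Url);
                    w.WriteLine("EXCEPTION: " + exc);
                    w.WriteLine(server_vars_string.ToString());
                }
            }

            bool error_email_enabled = (Util.get_setting("ErrorEmailEnabled", "1") == "1");

            if (error_email_enabled)
            {
                if (exc.Message == "Expected integer.  Possible SQL injection attempt?")
                {
                    // don't bother sending email.  Too many automated attackers
                }
                else
                {
                    string to      = Util.get_setting("ErrorEmailTo", "");
                    string from    = Util.get_setting("ErrorEmailFrom", "");

                    // Exception messages can span several lines; a subject is a
                    // single header line, so line breaks are flattened to spaces.
                    string subject = "Error: " + exc.Message.Replace("\r", " ").Replace("\n", " ");

                    var body = new StringBuilder();


                    body.Append("\nTIME: ");
                    body.Append(DateTime.Now.ToLongTimeString());
                    body.Append("\nURL: ");
                    body.Append(Request.Url);
                    body.Append("\nException: ");
                    body.Append(exc);
                    body.Append(server_vars_string);

                    Email.send_email(to, from, "", subject, body.ToString()); // 5 args
                }
            }
        }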