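//*************************************************************
/// <summary>
/// Sends the configured auto-reply text to the address an email was received from,
/// using the project's pj_pop3_email_from value as the sender.
/// Does nothing when the AutoReplyText setting is empty, when the project has no
/// email address, or when the sender is the project address itself.
/// </summary>
/// <param name="bugid">Bug id; replaces $BUGID$ in the reply text and is appended to the subject.</param>
/// <param name="from_addr">Address the incoming message came from; becomes the recipient of the reply.</param>
/// <param name="short_desc">Text placed at the start of the outgoing subject.</param>
/// <param name="projectid">Project whose pj_pop3_email_from is looked up.</param>
public static void auto_reply(int bugid, string from_addr, string short_desc, int projectid)
{
    string auto_reply_text = Util.get_setting("AutoReplyText", "");
    if (auto_reply_text == "")
    {
        return;
    }

    // Without a sender address there is nobody to answer, and the loop check
    // below would otherwise throw on a null reference.
    if (string.IsNullOrEmpty(from_addr))
    {
        Util.write_to_log("skipping auto reply because from address is blank");
        return;
    }

    auto_reply_text = auto_reply_text.Replace("$BUGID$", Convert.ToString(bugid));

    // projectid is an int, so the substituted text can only be a number;
    // no caller-supplied string reaches the SQL text here.
    string sql = @"select pj_pop3_email_from from projects where pj_id = $pj";
    sql = sql.Replace("$pj", Convert.ToString(projectid));

    object project_email = DbUtil.execute_scalar(sql);
    if (project_email == null)
    {
        Util.write_to_log("skipping auto reply because project email is blank");
        return;
    }

    string project_email_string = Convert.ToString(project_email);
    if (project_email_string == "")
    {
        Util.write_to_log("skipping auto reply because project email is blank");
        return;
    }

    // To avoid an infinite loop of replying to emails and then having to reply to the replies!
    // Ordinal, case-insensitive comparison: ToLower() follows the current culture and can
    // miss a match (for example the Turkish dotless i), which would defeat this guard.
    // NOTE(review): only an exact address match is caught; a "Name <addr>" form or another
    // alias of the same mailbox would pass — confirm what form from_addr has at the call site.
    if (string.Equals(project_email_string.Trim(), from_addr.Trim(), StringComparison.OrdinalIgnoreCase))
    {
        Util.write_to_log("skipping auto reply because from address is same as project email:" + project_email_string);
        return;
    }

    // NOTE(review): short_desc and from_addr go into the outgoing headers unchanged apart
    // from the comma replacement below; presumably both come from the inbound message —
    // confirm Email.send_email rejects CR/LF in subject and address values.
    string outgoing_subject = short_desc + " ("
        + Util.get_setting("TrackingIdString", "DO NOT EDIT THIS:")
        + Convert.ToString(bugid) + ")";

    bool use_html_format = (Util.get_setting("AutoReplyUseHtmlEmailFormat", "0") == "1");

    // commas cause trouble
    string cleaner_from_addr = from_addr.Replace(",", " ");

    Email.send_email(
        cleaner_from_addr, // we are responding TO the address we just received email FROM
        project_email_string,
        "", // cc
        outgoing_subject,
        auto_reply_text,
        use_html_format ? BtnetMailFormat.Html : BtnetMailFormat.Text);
}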
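///////////////////////////////////////////////////////////////////////
// Send the emails in the queue.
//
// Reads every queued_notifications row that is still 'not sent' and has fewer than
// three retries, tries to send it, then deletes the row on success or increments
// qn_retries and records the error text on failure.
protected static void actually_send_the_emails()
{
    btnet.Util.write_to_log("actually_send_the_emails");

    var pending_sql = new SQLString(@"select * from queued_notifications where qn_status = N'not sent' and qn_retries < 3");

    // get the pending notifications
    DataSet ds = btnet.DbUtil.get_dataset(pending_sql);

    foreach (DataRow dr in ds.Tables[0].Rows)
    {
        string err = "";
        bool sent = false;

        try
        {
            string to = (string)dr["qn_to"];
            btnet.Util.write_to_log("sending email to " + to);

            // try to send it
            err = Email.send_email(
                to,
                (string)dr["qn_from"],
                "", // cc
                (string)dr["qn_subject"],
                (string)dr["qn_body"],
                MailFormat.Html);

            sent = (err == "");
        }
        catch (Exception e)
        {
            err = e.Message;
            if (e.InnerException != null)
            {
                err += "; ";
                err += e.InnerException.Message;
            }
        }

        // Build the follow-up statement for this row only. Deciding on an explicit
        // "sent" flag (rather than reusing one statement variable across iterations)
        // means an exception with an empty message can no longer cause the previous
        // row's statement, or the initial select, to be executed again.
        SQLString row_sql;
        if (sent)
        {
            row_sql = new SQLString("delete from queued_notifications where qn_id = @qn_id");
        }
        else
        {
            row_sql = new SQLString("update queued_notifications set qn_retries = qn_retries + 1, qn_last_exception = @ex where qn_id = @qn_id");

            // NOTE(review): if SQLString binds @ex as a real parameter, doubling the quotes
            // here stores every apostrophe twice and the Replace should be dropped; it is
            // kept until the SQLString implementation has been checked.
            row_sql = row_sql.AddParameterWithValue("@ex", err.Replace("'", "''"));
        }

        row_sql = row_sql.AddParameterWithValue("qn_id", Convert.ToString(dr["qn_id"]));

        // update the row or delete the row
        btnet.DbUtil.execute_nonquery(row_sql);
    }
}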
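///////////////////////////////////////////////////////////////////////
// Handles the "send" action of the send-email form: records the message as a
// bug_posts row of type 'sent', stores any attachments, sends the email, raises
// the bug notifications and either redirects to the bug or shows the send error.
//
// NOTE(review): bg_id, to, cc and subject are taken from the form as submitted.
// Confirm that validate() (not shown here) checks the user's permission on this bug,
// and that Email.send_email rejects CR/LF in address and subject values.
void on_update()
{
    if (!validate())
    {
        return;
    }

    bool use_fck_editor = User.Identity.GetUseFCKEditor();

    sql = new SQLString(@"
insert into bug_posts
    (bp_bug, bp_user, bp_date, bp_comment, bp_comment_search, bp_email_from, bp_email_to, bp_type, bp_content_type, bp_email_cc)
    values(@id, @us, getdate(), @cm, @cs, @fr, @to, 'sent', @ct, @cc);
select scope_identity()
update bugs set
    bg_last_updated_user = @us,
    bg_last_updated_date = getdate()
    where bg_id = @id");

    sql = sql.AddParameterWithValue("id", bg_id.Value);
    sql = sql.AddParameterWithValue("us", Convert.ToString(User.Identity.GetUserId()));

    if (use_fck_editor)
    {
        // The post is stored as text/html, so the subject has to be HTML-encoded before
        // it is joined to the markup; the body goes through strip_dangerous_tags, but
        // the subject previously entered the stored HTML as typed.
        string adjusted_body = "Subject: " + HttpUtility.HtmlEncode(subject.Value) + "<br><br>";
        adjusted_body += btnet.Util.strip_dangerous_tags(body.Value);

        sql = sql.AddParameterWithValue("cm", adjusted_body);
        sql = sql.AddParameterWithValue("cs", adjusted_body);
        sql = sql.AddParameterWithValue("ct", "text/html");
    }
    else
    {
        string adjusted_body = "Subject: " + subject.Value + "\n\n";
        adjusted_body += HttpUtility.HtmlDecode(body.Value);

        sql = sql.AddParameterWithValue("cm", adjusted_body);
        sql = sql.AddParameterWithValue("cs", adjusted_body);
        sql = sql.AddParameterWithValue("ct", "text/plain");
    }

    sql = sql.AddParameterWithValue("fr", from.SelectedItem.Value);
    sql = sql.AddParameterWithValue("to", to.Value);
    sql = sql.AddParameterWithValue("cc", cc.Value);

    // scope_identity() of the inserted bug_posts row
    int comment_id = Convert.ToInt32(btnet.DbUtil.execute_scalar(sql));

    int[] attachments = handle_attachments(comment_id);

    string body_text;
    MailFormat format;
    MailPriority priority;

    switch (prior.SelectedItem.Value)
    {
        case "High":
            priority = MailPriority.High;
            break;
        case "Low":
            priority = MailPriority.Low;
            break;
        default:
            priority = MailPriority.Normal;
            break;
    }

    if (include_bug.Checked)
    {
        // white space isn't handled well, I guess.
        if (use_fck_editor)
        {
            body_text = body.Value;
            body_text += "<br><br>";
        }
        else
        {
            body_text = body.Value.Replace("\n", "<br>");
            // NOTE(review): as shown here both replacement strings are a single space,
            // which would make the second call a no-op; the literals look like entities
            // lost in extraction — restore them from the original file.
            body_text = body_text.Replace("\t", " ");
            body_text = body_text.Replace(" ", " ");
        }

        body_text += "<hr>" + get_bug_text(Convert.ToInt32(bg_id.Value));
        format = MailFormat.Html;
    }
    else
    {
        if (use_fck_editor)
        {
            // NOTE(review): the stored copy above is passed through strip_dangerous_tags
            // but the copy that is sent is not, so the archived post can differ from what
            // the recipient received — confirm this is intended.
            body_text = body.Value;
            format = MailFormat.Html;
        }
        else
        {
            body_text = HttpUtility.HtmlDecode(body.Value);
            format = MailFormat.Text;
        }
    }

    string result = Email.send_email(
        to.Value,
        from.SelectedItem.Value,
        cc.Value,
        subject.Value,
        body_text,
        format,
        priority,
        attachments,
        return_receipt.Checked);

    // NOTE(review): the post row (bp_type 'sent'), the notifications and the news entry
    // are all written before result is examined, so a failed send still leaves a 'sent'
    // record behind.
    btnet.Bug.send_notifications(btnet.Bug.UPDATE, Convert.ToInt32(bg_id.Value), User.Identity);
    btnet.WhatsNew.add_news(Convert.ToInt32(bg_id.Value), short_desc.Value, "email sent", User.Identity);

    if (result == "")
    {
        Response.Redirect("edit_bug.aspx?id=" + bg_id.Value);
    }
    else
    {
        // InnerText (not InnerHtml) so the error text is encoded on output.
        msg.InnerText = result;
    }
}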
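///////////////////////////////////////////////////////////////////////
// Forgot-password page. On postback, looks up exactly one user by email, by username,
// or by both; when one is found, stores a one-time link id in emailed_links and mails
// a change_password.aspx link to the address on file.
//
// The page answers with the same text whether or not an account matched, so the form
// cannot be used to test which usernames or addresses exist. Mail failures are written
// to the log instead of being shown.
// NOTE(review): response time still differs when a mail is actually sent, and nothing
// here limits how often the form can be submitted for one account.
public void Page_Load(Object sender, EventArgs e)
{
    Util.set_context(HttpContext.Current);
    Util.do_not_cache(Response);

    if (Util.get_setting("ShowForgotPasswordLink", "0") == "0")
    {
        Response.Write("Sorry, Web.config ShowForgotPasswordLink is set to 0");
        Response.End();
        return; // do not fall through if End() returns
    }

    if (!IsPostBack)
    {
        Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - " + "forgot password";
        return;
    }

    msg.InnerHtml = "";

    bool has_email = email.Value != "";
    bool has_username = username.Value != "";

    if (!has_email && !has_username)
    {
        msg.InnerHtml = "Enter either your Username or your Email address.";
        return;
    }

    if (has_email && !Util.validate_email(email.Value))
    {
        msg.InnerHtml = "Format of email address is invalid.";
        return;
    }

    // Pick the filter for the fields that were supplied. These are fixed fragments;
    // the submitted values only ever travel as parameters.
    string where_clause;
    if (has_email && has_username)
    {
        where_clause = "us_username = @username and us_email = @email";
    }
    else if (has_email)
    {
        where_clause = "us_email = @email";
    }
    else
    {
        // username only: the account must have an address to mail the link to
        where_clause = "isnull(us_email,'') != '' and us_username = @username";
    }

    // The result of AddParameterWithValue is assigned back each time, as the statement
    // further down already does, so the lookup does not depend on the call mutating in place.
    var count_sql = new SQLString("select count(1) from users where " + where_clause);
    if (has_email)
    {
        count_sql = count_sql.AddParameterWithValue("email", email.Value);
    }
    if (has_username)
    {
        count_sql = count_sql.AddParameterWithValue("username", username.Value);
    }

    int user_count = (int)DbUtil.execute_scalar(count_sql);
    int user_id = 0;

    if (user_count == 1)
    {
        var id_sql = new SQLString("select us_id from users where " + where_clause);
        if (has_email)
        {
            id_sql = id_sql.AddParameterWithValue("email", email.Value);
        }
        if (has_username)
        {
            id_sql = id_sql.AddParameterWithValue("username", username.Value);
        }
        user_id = (int)DbUtil.execute_scalar(id_sql);
    }

    string neutral_message =
        "If the details you entered match an account, an email with password reset instructions has been sent to it.";

    if (user_count != 1)
    {
        msg.InnerHtml = neutral_message;
        return;
    }

    // NOTE(review): the link id is a Guid; Guid.NewGuid() is not specified as a
    // cryptographic generator. Confirm that the page consuming el_id enforces an age
    // limit from el_date and removes the row once it has been used.
    string guid = Guid.NewGuid().ToString();

    var sql = new SQLString(@"
declare @username nvarchar(255)
declare @email nvarchar(255)

select @username = us_username, @email = us_email
    from users where us_id = @user_id

insert into emailed_links
    (el_id, el_date, el_email, el_action, el_user_id)
    values (@guid, getdate(), @email, N'forgot', @user_id)

select @username us_username, @email us_email");

    sql = sql.AddParameterWithValue("guid", guid);
    sql = sql.AddParameterWithValue("user_id", Convert.ToString(user_id));

    DataRow dr = DbUtil.get_datarow(sql);

    // The username is account data chosen by a user, so it is encoded before it is
    // placed in the HTML body. The link prefix comes from configuration.
    string result = Email.send_email(
        (string)dr["us_email"],
        Util.get_setting("NotificationEmailFrom", ""),
        "", // cc
        "reset password",
        "Click to <a href='"
            + Util.get_setting("AbsoluteUrlPrefix", "")
            + "change_password.aspx?id="
            + guid
            + "'>reset password</a> for user \""
            + HttpUtility.HtmlEncode((string)dr["us_username"])
            + "\".",
        MailFormat.Html);

    if (result != "")
    {
        // Keep the mail error out of the page; it can carry server detail.
        Util.write_to_log("forgot password email failed: " + result);
    }

    msg.InnerHtml = neutral_message;
}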
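///////////////////////////////////////////////////////////////////////
// Self-registration page. On a valid postback, stores the pending registration
// (including the salted password hash) in emailed_links under a new link id and
// mails a complete_registration.aspx link to the address that was entered.
public void Page_Load(Object sender, EventArgs e)
{
    Util.set_context(HttpContext.Current);
    Util.do_not_cache(Response);

    if (Util.get_setting("AllowSelfRegistration", "0") == "0")
    {
        Response.Write("Sorry, Web.config AllowSelfRegistration is set to 0");
        Response.End();
        return; // do not fall through if End() returns
    }

    if (!IsPostBack)
    {
        titl.InnerText = Util.get_setting("AppTitle", "BugTracker.NET") + " - " + "register";
        return;
    }

    msg.InnerHtml = " ";
    username_err.InnerHtml = " ";
    email_err.InnerHtml = " ";
    password_err.InnerHtml = " ";
    confirm_err.InnerHtml = " ";
    firstname_err.InnerHtml = " ";
    lastname_err.InnerHtml = " ";

    if (!validate())
    {
        msg.InnerHtml = "Registration was not submitted.";
        return;
    }

    string guid = Guid.NewGuid().ToString();

    // Hash (not encrypt) the password with a per-registration salt.
    // NOTE(review): the salt is a five-digit number from System.Random, so there are
    // fewer than 90,000 possible values; widening it depends on the el_salt column and
    // on Util.HashString, neither of which is visible here.
    Random random = new Random();
    int salt = random.Next(10000, 99999);
    string hashed_password = Util.HashString(password.Value, Convert.ToString(salt));

    // el_action is written as a literal. The statement previously referenced @register
    // without ever binding a value for it, which cannot execute. The value 'register'
    // is taken from that placeholder's name and from the 'forgot' literal used by the
    // forgot-password insert — confirm against the page that consumes the link.
    var sql = new SQLString(@"
insert into emailed_links
    (el_id, el_date, el_email, el_action,
    el_username, el_salt, el_password, el_firstname, el_lastname)
    values (@guid, getdate(), @email, N'register',
    @username, @salt, @password, @firstname, @lastname)");

    sql = sql.AddParameterWithValue("guid", guid);
    sql = sql.AddParameterWithValue("password", hashed_password);
    sql = sql.AddParameterWithValue("salt", Convert.ToString(salt));
    sql = sql.AddParameterWithValue("username", username.Value);
    sql = sql.AddParameterWithValue("email", email.Value);
    sql = sql.AddParameterWithValue("firstname", firstname.Value);
    // NOTE(review): lastname is the only value that is quote-doubled. If SQLString binds
    // real parameters this stores O''Brien for O'Brien and the Replace should go; it is
    // kept until the SQLString implementation has been checked.
    sql = sql.AddParameterWithValue("lastname", lastname.Value.Replace("'", "''"));

    btnet.DbUtil.execute_nonquery(sql);

    // The link prefix comes from configuration.
    string result = Email.send_email(
        email.Value,
        Util.get_setting("NotificationEmailFrom", ""),
        "", // cc
        "Please complete registration",
        "Click to <a href='"
            + Util.get_setting("AbsoluteUrlPrefix", "")
            + "complete_registration.aspx?id="
            + guid
            + "'>complete registration</a>.",
        MailFormat.Html);

    if (result == "")
    {
        // email.Value is form input written into InnerHtml, so it is encoded first.
        msg.InnerHtml = "An email has been sent to " + HttpUtility.HtmlEncode(email.Value);
        msg.InnerHtml += "<br>Please click on the link in the email message to complete registration.";
    }
    else
    {
        // The send result used to be ignored and success was always reported.
        // The detail goes to the log, not to the page.
        Util.write_to_log("registration email failed: " + result);
        msg.InnerHtml = "There was a problem sending the email.";
    }
}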
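/*
 * Copyright 2002 Corey Trager
 * Distributed under the terms of the GNU General Public License
 */

// Application-wide handler for unhandled exceptions. Collects the request's server
// variables, appends the error to the log file when LogEnabled is "1", and emails it
// to ErrorEmailTo when ErrorEmailEnabled is "1".
//
// Server variables that carry credentials or session cookies are left out, because
// the collected text is written to disk and sent by email.
// NOTE(review): Request.Url is still recorded in full; query strings that hold one-time
// link ids (the emailed reset and registration links) would end up in the log and the mail.
public void Application_Error(Object sender, EventArgs e)
{
    Exception last_error = Server.GetLastError();
    if (last_error == null)
    {
        return; // nothing to report
    }
    Exception exc = last_error.GetBaseException();

    // ALL_HTTP and ALL_RAW repeat every request header, including Cookie and
    // Authorization, so they are withheld together with the individual variables.
    string[] withheld_prefixes =
    {
        "AUTH_PASSWORD", "HTTP_COOKIE", "HTTP_AUTHORIZATION", "ALL_HTTP", "ALL_RAW"
    };

    // Put the server vars into a string
    var server_vars_string = new StringBuilder();
    NameValueCollection coll = Request.ServerVariables;

    foreach (string key in coll.AllKeys)
    {
        if (key == null)
        {
            continue;
        }

        bool withheld = false;
        foreach (string prefix in withheld_prefixes)
        {
            if (key.StartsWith(prefix, StringComparison.OrdinalIgnoreCase))
            {
                withheld = true;
                break;
            }
        }
        if (withheld)
        {
            continue;
        }

        // Only the first value of each variable is recorded.
        string[] values = coll.GetValues(key);
        if (values == null || values.Length == 0)
        {
            continue;
        }

        string val = values[0];
        if (string.IsNullOrEmpty(val))
        {
            continue;
        }

        server_vars_string.Append("\n");
        server_vars_string.Append(key);
        server_vars_string.Append("=");
        server_vars_string.Append(val);
    }

    bool log_enabled = (Util.get_setting("LogEnabled", "1") == "1");
    if (log_enabled)
    {
        string path = Util.get_log_file_path();

        // using: the file handle is released even if one of the writes throws
        using (StreamWriter w = File.AppendText(path))
        {
            w.WriteLine("\nTIME: " + DateTime.Now.ToLongTimeString());
            w.WriteLine("MSG: " + exc.Message);
            w.WriteLine("URL: " + Request.Url);
            w.WriteLine("EXCEPTION: " + exc);
            w.WriteLine(server_vars_string.ToString());
        }
    }

    bool error_email_enabled = (Util.get_setting("ErrorEmailEnabled", "1") == "1");
    if (error_email_enabled)
    {
        if (exc.Message == "Expected integer. Possible SQL injection attempt?")
        {
            // don't bother sending email. Too many automated attackers
        }
        else
        {
            string to = Util.get_setting("ErrorEmailTo", "");
            string from = Util.get_setting("ErrorEmailFrom", "");

            // Exception messages can span lines and can echo request data; a subject
            // header must stay on one line.
            string subject = "Error: " + exc.Message.Replace("\r", " ").Replace("\n", " ");

            var body = new StringBuilder();
            body.Append("\nTIME: ");
            body.Append(DateTime.Now.ToLongTimeString());
            body.Append("\nURL: ");
            body.Append(Request.Url);
            body.Append("\nException: ");
            body.Append(exc);
            body.Append(server_vars_string);

            // NOTE(review): the body holds request-derived text; confirm this overload
            // of Email.send_email sends plain text rather than HTML.
            Email.send_email(to, from, "", subject, body.ToString());
        }
    }
}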