# MantisBT - A PHP based bugtracking system
# Copyright (C) 2002 - 2011  MantisBT Team - [email protected]
# MantisBT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# MantisBT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.

form_security_validate( 'plugin_graph_config_edit' );

auth_reauthenticate( );
access_ensure_global_level( config_get( 'manage_plugin_threshold' ) );

$f_library = gpc_get_int( 'eczlibrary', ON );

$f_window_width = gpc_get_int( 'window_width', 800 );
$f_bar_aspect = (float) gpc_get_string( 'bar_aspect', '0.9' );
$f_summary_graphs_per_row = gpc_get_int( 'summary_graphs_per_row', 2 );

$f_jpgraph_antialias = gpc_get_int( 'jpgraph_antialias', ON );
$f_font = gpc_get_string( 'font', '' );

if ( plugin_config_get( 'eczlibrary' ) != $f_library ) {
	plugin_config_set( 'eczlibrary', $f_library );

/**
 * MantisBT Core API's
 */
require_once( 'core.php' );
require_api( 'access_api.php' );
require_api( 'authentication_api.php' );
require_api( 'config_api.php' );
require_api( 'constant_inc.php' );
require_api( 'database_api.php' );
require_api( 'form_api.php' );
require_api( 'helper_api.php' );
require_api( 'lang_api.php' );
require_api( 'print_api.php' );
require_api( 'user_api.php' );

form_security_validate( 'manage_user_prune' );

auth_reauthenticate();

access_ensure_global_level( config_get( 'manage_user_threshold' ) );

$t_user_table = db_get_table( 'user' );

# Delete the users who have never logged in and are older than 1 week
$days_old = (int)7 * SECONDS_PER_DAY;

$query = "SELECT id, access_level
		FROM $t_user_table
		WHERE ( login_count = 0 ) AND ( date_created = last_visit ) AND " . db_helper_compare_days( 0, "date_created", "> $days_old" );
$result = db_query_bound($query, Array( db_now() ) );

 * @uses database_api.php
 * @uses form_api.php
 * @uses gpc_api.php
 * @uses print_api.php
 */
/** @ignore */
define('PLUGINS_DISABLED', true);
require_once 'core.php';
require_api('access_api.php');
require_api('authentication_api.php');
require_api('config_api.php');
require_api('database_api.php');
require_api('form_api.php');
require_api('gpc_api.php');
require_api('print_api.php');
form_security_validate('manage_plugin_update');
auth_reauthenticate();
access_ensure_global_level(config_get('manage_plugin_threshold'));
$t_plugin_table = db_get_table('plugin');
$t_query = "SELECT basename FROM {$t_plugin_table}";
$t_result = db_query_bound($t_query);
while ($t_row = db_fetch_array($t_result)) {
    $t_basename = $t_row['basename'];
    $f_change = gpc_get_bool('change_' . $t_basename, 0);
    if (!$f_change) {
        continue;
    }
    $f_priority = gpc_get_int('priority_' . $t_basename, 3);
    $f_protected = gpc_get_bool('protected_' . $t_basename, 0);
    $t_query = "UPDATE {$t_plugin_table} SET priority=" . db_param() . ', protected=' . db_param() . ' WHERE basename=' . db_param();
    db_query_bound($t_query, array($f_priority, $f_protected, $t_basename));

# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
/**
 * @package MantisBT
 * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - [email protected]
 * @copyright Copyright (C) 2002 - 2014  MantisBT Team - [email protected]
 * @link http://www.mantisbt.org
 */
/**
 * MantisBT Core API's
 */
require_once 'core.php';
require_once 'email_api.php';
form_security_validate('signup');
$f_username = strip_tags(gpc_get_string('username'));
$f_email = strip_tags(gpc_get_string('email'));
$f_captcha = gpc_get_string('captcha', '');
$f_username = trim($f_username);
$f_email = email_append_domain(trim($f_email));
$f_captcha = utf8_strtolower(trim($f_captcha));
# Retrieve captcha key now, as session might get cleared by logout
$t_form_key = session_get_int(CAPTCHA_KEY, null);
# force logout on the current user if already authenticated
if (auth_is_user_authenticated()) {
    auth_logout();
}
# Check to see if signup is allowed
if (OFF == config_get_global('allow_signup')) {
    print_header_redirect('login_page.php');

# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# MantisBT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
/**
 * @package MantisBT
 * @copyright Copyright (C) 2002 - 2013  MantisBT Team - [email protected]
 * @link http://www.mantisbt.org
 */
/**
 * MantisBT Core API's
 */
require_once 'core.php';
/**
 * requires tag_api
 */
require_once 'tag_api.php';
form_security_validate('tag_detach');
$f_tag_id = gpc_get_int('tag_id');
$f_bug_id = gpc_get_int('bug_id');
tag_bug_detach($f_tag_id, $f_bug_id);
event_signal('EVENT_TAG_DETACHED', array($f_bug_id, array($f_tag_id)));
form_security_purge('tag_detach');
print_successful_redirect_to_bug($f_bug_id);

# (at your option) any later version.
#
# Mantis is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Mantis.  If not, see <http://www.gnu.org/licenses/>.
# --------------------------------------------------------
# $Id: manage_custom_field_delete.php,v 1.17.2.1 2007-10-13 22:33:27 giallu Exp $
# --------------------------------------------------------
require_once 'core.php';
$t_core_path = config_get('core_path');
require_once $t_core_path . 'custom_field_api.php';
form_security_validate('manage_custom_field_delete');
auth_reauthenticate();
access_ensure_global_level(config_get('manage_custom_fields_threshold'));
$f_field_id = gpc_get_int('field_id');
$f_return = strip_tags(gpc_get_string('return', 'manage_custom_field_page.php'));
$t_definition = custom_field_get_definition($f_field_id);
if (0 < count(custom_field_get_project_ids($f_field_id))) {
    helper_ensure_confirmed(lang_get('confirm_used_custom_field_deletion') . '<br/>' . lang_get('custom_field') . ': ' . string_attribute($t_definition['name']), lang_get('field_delete_button'));
} else {
    helper_ensure_confirmed(lang_get('confirm_custom_field_deletion') . '<br/>' . lang_get('custom_field') . ': ' . string_attribute($t_definition['name']), lang_get('field_delete_button'));
}
custom_field_destroy($f_field_id);
form_security_purge('manage_custom_field_delete');
html_page_top1();
html_meta_redirect($f_return);
html_page_top2();

# You should have received a copy of the GNU General Public License
# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
/**
 * @package MantisBT
 * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - [email protected]
 * @copyright Copyright (C) 2002 - 2013  MantisBT Team - [email protected]
 * @link http://www.mantisbt.org
 */
/**
 * MantisBT Core API's
 */
require_once 'core.php';
require_once 'news_api.php';
require_once 'print_api.php';
news_ensure_enabled();
form_security_validate('news_add');
access_ensure_project_level(config_get('manage_news_threshold'));
$f_view_state = gpc_get_int('view_state');
$f_headline = gpc_get_string('headline');
$f_announcement = gpc_get_bool('announcement');
$f_body = gpc_get_string('body');
$t_news_id = news_create(helper_get_current_project(), auth_get_current_user_id(), $f_view_state, $f_announcement, $f_headline, $f_body);
form_security_purge('news_add');
$t_news_row = news_get_row($t_news_id);
html_page_top();
?>

<br />
<div align="center">
<?php 
echo lang_get('operation_successful') . '<br />';

 */
require_once( 'core.php' );
require_api( 'authentication_api.php' );
require_api( 'constant_inc.php' );
require_api( 'database_api.php' );
require_api( 'error_api.php' );
require_api( 'form_api.php' );
require_api( 'gpc_api.php' );
require_api( 'html_api.php' );
require_api( 'lang_api.php' );
require_api( 'print_api.php' );

define( 'PRINT_ALL_BUG_OPTIONS_INC_ALLOW', true );
include( dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'print_all_bug_options_inc.php' );

form_security_validate( 'print_all_bug_options_update' );

auth_ensure_user_authenticated();

$f_user_id		= gpc_get_int( 'user_id' );
$f_redirect_url	= gpc_get_string( 'redirect_url' );

# the check for the protected state is already done in the form, there is
# no need to duplicate it here.

# get the fields list
$t_field_name_arr = get_field_names();
$field_name_count = count($t_field_name_arr);

# check the checkboxes
for ($i=0 ; $i <$field_name_count ; $i++) {

 * @uses lang_api.php
 * @uses print_api.php
 * @uses project_api.php
 */
require_once 'core.php';
require_api('access_api.php');
require_api('authentication_api.php');
require_api('config_api.php');
require_api('form_api.php');
require_api('gpc_api.php');
require_api('helper_api.php');
require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');
require_api('project_api.php');
form_security_validate('manage_user_proj_delete');
auth_reauthenticate();
$f_project_id = gpc_get_int('project_id');
$f_user_id = gpc_get_int('user_id');
user_ensure_exists($f_user_id);
$t_user = user_get_row($f_user_id);
access_ensure_project_level(config_get('project_user_threshold'), $f_project_id);
access_ensure_project_level($t_user['access_level'], $f_project_id);
$t_project_name = project_get_name($f_project_id);
# Confirm with the user
helper_ensure_confirmed(lang_get('remove_user_sure_msg') . '<br/>' . lang_get('project_name_label') . lang_get('word_separator') . $t_project_name, lang_get('remove_user_button'));
project_remove_user($f_project_id, $f_user_id);
form_security_purge('manage_user_proj_delete');
$t_redirect_url = 'manage_user_edit_page.php?user_id=' . $f_user_id;
html_page_top(null, $t_redirect_url);
html_operation_successful($t_redirect_url);

 * This page stores the reported bug
 *
 * @package MantisBT
 * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - [email protected]
 * @copyright Copyright (C) 2002 - 2013  MantisBT Team - [email protected]
 * @link http://www.mantisbt.org
 */
/**
 * MantisBT Core API's
 */
require_once 'core.php';
require_once 'string_api.php';
require_once 'file_api.php';
require_once 'bug_api.php';
require_once 'custom_field_api.php';
form_security_validate('bug_report');
$t_project_id = null;
$f_master_bug_id = gpc_get_int('m_id', 0);
if ($f_master_bug_id > 0) {
    bug_ensure_exists($f_master_bug_id);
    if (bug_is_readonly($f_master_bug_id)) {
        error_parameters($f_master_bug_id);
        trigger_error(ERROR_BUG_READ_ONLY_ACTION_DENIED, ERROR);
    }
    $t_master_bug = bug_get($f_master_bug_id, true);
    project_ensure_exists($t_master_bug->project_id);
    access_ensure_bug_level(config_get('update_bug_threshold', null, null, $t_master_bug->project_id), $f_master_bug_id);
    $t_project_id = $t_master_bug->project_id;
} else {
    $f_project_id = gpc_get_int('project_id');
    project_ensure_exists($f_project_id);

 * MantisBT Core API's
 */
require_once 'core.php';
require_api('access_api.php');
require_api('authentication_api.php');
require_api('bug_api.php');
require_api('bugnote_api.php');
require_api('config_api.php');
require_api('constant_inc.php');
require_api('error_api.php');
require_api('event_api.php');
require_api('form_api.php');
require_api('gpc_api.php');
require_api('print_api.php');
require_api('string_api.php');
form_security_validate('bugnote_update');
$f_bugnote_id = gpc_get_int('bugnote_id');
$f_bugnote_text = gpc_get_string('bugnote_text', '');
$f_time_tracking = gpc_get_string('time_tracking', '0:00');
# Check if the current user is allowed to edit the bugnote
$t_user_id = auth_get_current_user_id();
$t_reporter_id = bugnote_get_field($f_bugnote_id, 'reporter_id');
if ($t_user_id == $t_reporter_id) {
    access_ensure_bugnote_level(config_get('bugnote_user_edit_threshold'), $f_bugnote_id);
} else {
    access_ensure_bugnote_level(config_get('update_bugnote_threshold'), $f_bugnote_id);
}
# Check if the bug is readonly
$t_bug_id = bugnote_get_field($f_bugnote_id, 'bug_id');
if (bug_is_readonly($t_bug_id)) {
    error_parameters($t_bug_id);

 * @uses lang_api.php
 * @uses print_api.php
 */
/**
 * MantisBT Core API's
 */
require_once 'core.php';
require_api('authentication_api.php');
require_api('compress_api.php');
require_api('filter_api.php');
require_api('form_api.php');
require_api('gpc_api.php');
require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');
form_security_validate('query_delete');
auth_ensure_user_authenticated();
compress_enable();
$f_query_id = gpc_get_int('source_query_id');
$t_redirect_url = 'query_view_page.php';
if (!filter_db_can_delete_filter($f_query_id)) {
    print_header_redirect($t_redirect_url);
} else {
    html_page_top();
    filter_db_delete_filter($f_query_id);
    form_security_purge('query_delete');
    ?>
	<br />
	<div class="center">
	<strong><?php 
    print filter_db_get_name($f_query_id) . ' ' . lang_get('query_deleted');

 * @uses lang_api.php
 * @uses print_api.php
 * @uses user_api.php
 */
require_once 'core.php';
require_api('access_api.php');
require_api('authentication_api.php');
require_api('config_api.php');
require_api('constant_inc.php');
require_api('form_api.php');
require_api('gpc_api.php');
require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');
require_api('user_api.php');
form_security_validate('manage_user_reset');
auth_reauthenticate();
access_ensure_global_level(config_get('manage_user_threshold'));
$f_user_id = gpc_get_int('user_id');
user_ensure_exists($f_user_id);
$t_user = user_get_row($f_user_id);
# Ensure that the account to be reset is of equal or lower access to the
# current user.
access_ensure_global_level($t_user['access_level']);
# If the password can be changed, we reset it, otherwise we unlock
# the account (i.e. reset failed login count)
$t_reset = helper_call_custom_function('auth_can_change_password', array());
if ($t_reset) {
    $t_result = user_reset_password($f_user_id);
} else {
    $t_result = user_reset_failed_login_count_to_zero($f_user_id);

 * @uses config_api.php
 * @uses constant_inc.php
 * @uses form_api.php
 * @uses gpc_api.php
 * @uses helper_api.php
 * @uses lang_api.php
 * @uses print_api.php
 * @uses project_api.php
 */
require_once 'core.php';
require_api('access_api.php');
require_api('config_api.php');
require_api('constant_inc.php');
require_api('form_api.php');
require_api('gpc_api.php');
require_api('helper_api.php');
require_api('lang_api.php');
require_api('print_api.php');
require_api('project_api.php');
form_security_validate('adm_config_delete');
$f_user_id = gpc_get_int('user_id');
$f_project_id = gpc_get_int('project_id');
$f_config_option = gpc_get_string('config_option');
access_ensure_global_level(config_get('set_configuration_threshold'));
if ($f_project_id != ALL_PROJECTS) {
    project_ensure_exists($f_project_id);
}
helper_ensure_confirmed(lang_get('delete_config_sure_msg'), lang_get('delete_link'));
config_delete($f_config_option, $f_user_id, $f_project_id);
form_security_purge('adm_config_delete');
print_successful_redirect('adm_config_report.php');

# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
/**
 * @package MantisBT
 * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - [email protected]
 * @copyright Copyright (C) 2002 - 2012  MantisBT Team - [email protected]
 * @link http://www.mantisbt.org
 */
/**
 * MantisBT Core API's
 */
require_once 'core.php';
require_once 'custom_field_api.php';
form_security_validate('manage_proj_custom_field_add_existing');
auth_reauthenticate();
$f_field_id = gpc_get_int('field_id');
$f_project_id = gpc_get_int('project_id');
# We should check both since we are in the project section and an
#  admin might raise the first threshold and not realize they need
#  to raise the second
access_ensure_project_level(config_get('manage_project_threshold'), $f_project_id);
access_ensure_project_level(config_get('custom_field_link_threshold'), $f_project_id);
custom_field_link($f_field_id, $f_project_id);
form_security_purge('manage_proj_custom_field_add_existing');
$t_redirect_url = 'manage_proj_edit_page.php?project_id=' . $f_project_id;
html_page_top(null, $t_redirect_url);
?>

<br />

 */

/**
 * MantisBT Core API's
 */
require_once( 'core.php' );
require_api( 'access_api.php' );
require_api( 'authentication_api.php' );
require_api( 'config_api.php' );
require_api( 'constant_inc.php' );
require_api( 'form_api.php' );
require_api( 'gpc_api.php' );
require_api( 'print_api.php' );
require_api( 'project_api.php' );

form_security_validate( 'manage_proj_user_copy' );

auth_reauthenticate();

$f_project_id		= gpc_get_int( 'project_id' );
$f_other_project_id	= gpc_get_int( 'other_project_id' );
$f_copy_from		= gpc_get_bool( 'copy_from' );
$f_copy_to			= gpc_get_bool( 'copy_to' );

if ( $f_copy_from ) {
	$t_src_project_id = $f_other_project_id;
	$t_dst_project_id = $f_project_id;
} else if ( $f_copy_to ) {
	$t_src_project_id = $f_project_id;
	$t_dst_project_id = $f_other_project_id;
} else {

 * @uses html_api.php
 * @uses lang_api.php
 * @uses news_api.php
 * @uses print_api.php
 */
require_once 'core.php';
require_api('access_api.php');
require_api('config_api.php');
require_api('form_api.php');
require_api('gpc_api.php');
require_api('html_api.php');
require_api('lang_api.php');
require_api('news_api.php');
require_api('print_api.php');
news_ensure_enabled();
form_security_validate('news_update');
$f_news_id = gpc_get_int('news_id');
$f_project_id = gpc_get_int('project_id');
$f_view_state = gpc_get_int('view_state');
$f_headline = gpc_get_string('headline');
$f_announcement = gpc_get_string('announcement', '');
$f_body = gpc_get_string('body', '');
$row = news_get_row($f_news_id);
# Check both the old project and the new project
access_ensure_project_level(config_get('manage_news_threshold'), $row['project_id']);
access_ensure_project_level(config_get('manage_news_threshold'), $f_project_id);
news_update($f_news_id, $f_project_id, $f_view_state, $f_announcement, $f_headline, $f_body);
form_security_purge('news_update');
html_page_top();
echo '<div class="success-msg">';
echo lang_get('operation_successful');

# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
/**
 * Insert the bugnote into the database then redirect to the bug page
 *
 * @package MantisBT
 * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - [email protected]
 * @copyright Copyright (C) 2002 - 2012  MantisBT Team - [email protected]
 * @link http://www.mantisbt.org
 */
/**
 * MantisBT Core API's
 */
require_once 'core.php';
require_once 'bug_api.php';
require_once 'bugnote_api.php';
form_security_validate('bugnote_add');
$f_bug_id = gpc_get_int('bug_id');
$f_private = gpc_get_bool('private');
$f_time_tracking = gpc_get_string('time_tracking', '0:00');
$f_bugnote_text = trim(gpc_get_string('bugnote_text', ''));
$t_bug = bug_get($f_bug_id, true);
if ($t_bug->project_id != helper_get_current_project()) {
    # in case the current project is not the same project of the bug we are viewing...
    # ... override the current project. This to avoid problems with categories and handlers lists etc.
    $g_project_override = $t_bug->project_id;
}
if (bug_is_readonly($f_bug_id)) {
    error_parameters($f_bug_id);
    trigger_error(ERROR_BUG_READ_ONLY_ACTION_DENIED, ERROR);
}
access_ensure_bug_level(config_get('add_bugnote_threshold'), $f_bug_id);

 * @uses config_api.php
 * @uses event_api.php
 * @uses form_api.php
 * @uses gpc_api.php
 * @uses print_api.php
 * @uses project_api.php
 */
require_once 'core.php';
require_api('access_api.php');
require_api('authentication_api.php');
require_api('config_api.php');
require_api('event_api.php');
require_api('form_api.php');
require_api('gpc_api.php');
require_api('print_api.php');
require_api('project_api.php');
form_security_validate('manage_proj_update');
auth_reauthenticate();
$f_project_id = gpc_get_int('project_id');
$f_name = gpc_get_string('name');
$f_description = gpc_get_string('description');
$f_status = gpc_get_int('status');
$f_view_state = gpc_get_int('view_state');
$f_file_path = gpc_get_string('file_path', '');
$f_enabled = gpc_get_bool('enabled');
$f_inherit_global = gpc_get_bool('inherit_global', 0);
access_ensure_project_level(config_get('manage_project_threshold'), $f_project_id);
project_update($f_project_id, $f_name, $f_description, $f_status, $f_view_state, $f_file_path, $f_enabled, $f_inherit_global);
event_signal('EVENT_MANAGE_PROJECT_UPDATE', array($f_project_id));
form_security_purge('manage_proj_update');
print_header_redirect('manage_proj_page.php');

require_api('helper_api.php');
require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');
require_api('string_api.php');
require_api('utility_api.php');
require_api('version_api.php');
auth_ensure_user_authenticated();
helper_begin_long_process();
$f_action = gpc_get_string('action');
$f_custom_field_id = gpc_get_int('custom_field_id', 0);
$f_bug_arr = gpc_get_int_array('bug_arr', array());
$f_bug_notetext = gpc_get_string('bugnote_text', '');
$f_bug_noteprivate = gpc_get_bool('private');
$t_form_name = 'bug_actiongroup_' . $f_action;
form_security_validate($t_form_name);
$t_custom_group_actions = config_get('custom_group_actions');
foreach ($t_custom_group_actions as $t_custom_group_action) {
    if ($f_action == $t_custom_group_action['action']) {
        require_once $t_custom_group_action['action_page'];
        exit;
    }
}
$t_failed_ids = array();
if (0 != $f_custom_field_id) {
    $t_custom_field_def = custom_field_get_definition($f_custom_field_id);
}
foreach ($f_bug_arr as $t_bug_id) {
    bug_ensure_exists($t_bug_id);
    $t_bug = bug_get($t_bug_id, true);
    if ($t_bug->project_id != helper_get_current_project()) {