Eventum

From RavenWiki
The Raven-related software described on this page is NOT supported or maintained by University Information Services. It is provided here in the hope that it may be useful, but it may contain bugs and security vulnerabilities. It may be supported and maintained by others. You should evaluate whether it meets your particular needs before using it.

Eventum is a bug tracking system. See: http://forge.mysql.com/wiki/Eventum/

Notes

  • This is a very basic implementation of ucam_webauth. I advise that you start with a standard install, and then change the admin user's email address to your own (see next bullet point for format) before using this code.
  • This code assumes email addresses of the form CRSID@cam.ac.uk.
  • Eventum cookies aren't session cookies. When developing, it can help to clear cookies manually, especially for anything to do with auth.
  • Users cannot be deleted except directly in the database, and not even there if they own any tickets. Users can, however, be made inactive.

Ravenising

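The only file that needs editing is index.php, where the usual login procedure is bypassed: the user is taken from the REMOTE_USER value set by mod_ucam_webauth instead of from a login form. Because the code trusts REMOTE_USER, the web server must enforce mod_ucam_webauth for this URL.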

<?php
// Modified by tdm27
// 2009-09-23

require_once(dirname(__FILE__) . '/init.php');
require_once(APP_INC_PATH . "class.template.php");
require_once(APP_INC_PATH . "class.auth.php");
require_once(APP_INC_PATH . "db_access.php");

// check if templates_c is writable by the web server user
if (!Misc::isWritableDirectory(APP_TPL_COMPILE_PATH)) {
    $errors = array("Directory '" . APP_TPL_COMPILE_PATH . "' is not writable.");
    Misc::displayRequirementErrors($errors);
    exit;
}

$tpl = new Template_API();
$tpl->setTemplate("index.tpl.html");

if (Auth::hasValidCookie(APP_COOKIE)) {
    $cookie = Auth::getCookieInfo(APP_COOKIE);
    if (!empty($_REQUEST["url"])) {
        // encode the user-supplied value before it goes into the redirect URL
        $extra = '?url=' . urlencode($_REQUEST["url"]);
    } else {
        $extra = '';
    }
    Auth::redirect(APP_RELATIVE_URL . "select_project.php" . $extra);
}


/*
* Bits cribbed and mangled from login.php to make mod_ucam_webauth handle the login
* duties. We don't want to see a login box.  -- tdm27
*
*/
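// fail closed if the web server did not authenticate the request
if (empty($_SERVER['REMOTE_USER'])) {
    print "<h3>Not authenticated. Sorry.</h3>\n";
    exit;
}
$ucamemail = $_SERVER['REMOTE_USER'] . '@cam.ac.uk';
// check if user exists
if (!Auth::userExists($ucamemail)) {
    Auth::saveLoginAttempt($ucamemail, 'failure', 'unknown user');
//    Auth::redirect(APP_RELATIVE_URL . "index.php?err=3");
    print "<h3>Unknown user. Sorry.</h3>\n";
    exit;
}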

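// check if this user is really an active one
if (!Auth::isActiveUser($ucamemail)) {
    Auth::saveLoginAttempt($ucamemail, 'failure', 'inactive user');
    // Redirecting to index.php would run this same check again and loop,
    // and $is_popup is not defined in this file, so stop here instead.
//    Auth::redirect(APP_RELATIVE_URL . "index.php?err=7", $is_popup);
    print "<h3>Inactive user. Sorry.</h3>\n";
    exit;
}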

Auth::saveLoginAttempt($ucamemail, 'success');
// redirect to the initial page
@Auth::createLoginCookie(APP_COOKIE, $ucamemail);
Session::init(User::getUserIDByEmail($ucamemail));
if (!empty($_POST["url"])) {
    $extra = '?url=' . urlencode($_POST["url"]);
} else {
    $extra = '';
}
Auth::redirect(APP_RELATIVE_URL . "select_project.php" . $extra);
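
An added example, not part of the original page or of Eventum: a fail-closed version of the REMOTE_USER to e-mail mapping and of the url parameter handling used in the listing above. The function names, the CRSid pattern and the rule that url must be a same-site path are assumptions made for illustration; it needs PHP 7.1 or later.

```php
<?php
// Added example: not Eventum or RavenWiki code. Assumes PHP 7.1+.

// Build the Eventum login e-mail from the server-provided identity.
// Returns null (fail closed) when the value is missing or malformed.
function raven_email(array $server, string $domain = 'cam.ac.uk'): ?string
{
    $user = $server['REMOTE_USER'] ?? '';
    if (!is_string($user) || $user === '') {
        return null; // mod_ucam_webauth is not protecting this URL
    }
    // Assumed CRSid shape: a lowercase letter, then 1-7 lowercase letters or digits.
    if (!preg_match('/\A[a-z][a-z0-9]{1,7}\z/', $user)) {
        return null;
    }
    return $user . '@' . $domain;
}

// Build the "?url=..." suffix, keeping only same-site paths (assumed policy).
function return_query(array $request): string
{
    $url = $request['url'] ?? '';
    if (!is_string($url) || $url === '' || $url[0] !== '/') {
        return '';
    }
    // Reject "//host" and anything with backslashes or control characters.
    if (strncmp($url, '//', 2) === 0 || preg_match('/[\x00-\x1f\\\\]/', $url)) {
        return '';
    }
    return '?url=' . urlencode($url);
}

// Constructed sample requests: a normal login, a request that reached the
// script without authentication, and values carrying CR/LF characters.
$samples = [
    [['REMOTE_USER' => 'tdm27'], ['url' => '/view.php?id=12']],
    [[], ['url' => '//other.example/']],
    [['REMOTE_USER' => "x\r\nSet-Cookie: a=b"], ['url' => "/a\r\nX: y"]],
];
foreach ($samples as [$server, $request]) {
    var_dump(raven_email($server), return_query($request));
}
```

In index.php, a null result from raven_email() would take the same print-and-exit path as the unknown-user case.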