Eventum: Difference between revisions
From RavenWiki
Latest revision as of 12:37, 17 June 2015
The Raven-related software described on this page is NOT supported or maintained by University Information Services.
It is provided here in the hope that it may be useful, but it may contain bugs and security vulnerabilities. It may be supported and maintained by others. You should evaluate whether it meets your particular needs before using it.
Eventum is a bug tracking system. See: http://forge.mysql.com/wiki/Eventum/
Notes
- This is a very basic implementation of ucam_webauth. I advise that you start with a standard install, and then change the admin user's email address to your own (see next bullet point for format) before using this code.
- This code assumes email addresses of the form CRSID@cam.ac.uk.
- Eventum cookies aren't session cookies. When developing, it can help to clear cookies manually, esp. for anything to do with auth.
- It's impossible to delete users except directly in the database, and even then not if they own any tickets. Users can, however, be inactive.
Ravenising
The only file that needs editing is index.php, where the usual login procedures can be circumvented:
```php
<?php
// Modified by tdm27
// 2009-09-23
require_once(dirname(__FILE__) . '/init.php');
require_once(APP_INC_PATH . "class.template.php");
require_once(APP_INC_PATH . "class.auth.php");
require_once(APP_INC_PATH . "db_access.php");

// check if templates_c is writable by the web server user
if (!Misc::isWritableDirectory(APP_TPL_COMPILE_PATH)) {
    $errors = array("Directory '" . APP_TPL_COMPILE_PATH . "' is not writable.");
    Misc::displayRequirementErrors($errors);
    exit;
}

$tpl = new Template_API();
$tpl->setTemplate("index.tpl.html");

// already logged in: go straight to project selection
if (Auth::hasValidCookie(APP_COOKIE)) {
    $cookie = Auth::getCookieInfo(APP_COOKIE);
    if (!empty($_REQUEST["url"])) {
        // encode the value, as the POST branch below does, so it cannot
        // break out of the query string
        $extra = '?url=' . urlencode($_REQUEST["url"]);
    } else {
        $extra = '';
    }
    Auth::redirect(APP_RELATIVE_URL . "select_project.php" . $extra);
}

/*
 * Bits cribbed and mangled from login.php to make mod_ucam_webauth handle the login
 * duties. We don't want to see a login box. -- tdm27
 */

// REMOTE_USER is taken as the authenticated CRSID; this relies on the web
// server (mod_ucam_webauth) protecting this script
$ucamemail = $_SERVER['REMOTE_USER'] . '@cam.ac.uk';

// check if user exists
if (!Auth::userExists($ucamemail)) {
    Auth::saveLoginAttempt($ucamemail, 'failure', 'unknown user');
    // Auth::redirect(APP_RELATIVE_URL . "index.php?err=3");
    print "<h3>Unknown user. Sorry.</h3>\n";
    exit;
}

// check if this user is really an active one
if (!Auth::isActiveUser($ucamemail)) {
    Auth::saveLoginAttempt($ucamemail, 'failure', 'inactive user');
    // Redirecting to index.php?err=7 would re-run this same check and loop
    // (and $is_popup is not defined in this file), so stop here instead.
    // Auth::redirect(APP_RELATIVE_URL . "index.php?err=7", $is_popup);
    print "<h3>Inactive user. Sorry.</h3>\n";
    exit;
}

Auth::saveLoginAttempt($ucamemail, 'success');

// redirect to the initial page
@Auth::createLoginCookie(APP_COOKIE, $ucamemail);
Session::init(User::getUserIDByEmail($ucamemail));
if (!empty($_POST["url"])) {
    $extra = '?url=' . urlencode($_POST["url"]);
} else {
    $extra = '';
}
Auth::redirect(APP_RELATIVE_URL . "select_project.php" . $extra);
```
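The modified index.php takes `$_SERVER['REMOTE_USER']` at face value, so the login is only as trustworthy as the web server configuration in front of it. The following is an added example (not part of the original page or of Eventum) of failing closed before the email address is built; the function name, the CRSID pattern and the expected `AUTH_TYPE` value `Ucam-WebAuth` are assumptions.

```php
<?php
// Added example: derive the Eventum login email from the identity set by
// mod_ucam_webauth, returning null whenever that identity cannot be trusted.

// Assumption: a CRSID is a lowercase letter followed by 1-7 lowercase
// letters or digits. Adjust to the local naming rules if they differ.
const CRSID_PATTERN = '/\A[a-z][a-z0-9]{1,7}\z/';

// Hypothetical helper; $server is normally $_SERVER.
function ucam_email_from_server(array $server)
{
    // No identity at all: the script is not behind the auth module.
    if (empty($server['REMOTE_USER']) || !is_string($server['REMOTE_USER'])) {
        return null;
    }
    // Assumption: Apache exposes the configured AuthType as AUTH_TYPE.
    // Reject identities established by any other scheme (e.g. Basic).
    if (!isset($server['AUTH_TYPE'])
        || strcasecmp($server['AUTH_TYPE'], 'Ucam-WebAuth') !== 0) {
        return null;
    }
    // Only a well-formed CRSID may become part of the lookup key.
    if (preg_match(CRSID_PATTERN, $server['REMOTE_USER']) !== 1) {
        return null;
    }
    return $server['REMOTE_USER'] . '@cam.ac.uk';
}

// Constructed sample inputs standing in for $_SERVER.
$samples = array(
    'raven login'        => array('REMOTE_USER' => 'abc123',
                                  'AUTH_TYPE'   => 'Ucam-WebAuth'),
    'module not enabled' => array(),
    'other auth scheme'  => array('REMOTE_USER' => 'abc123',
                                  'AUTH_TYPE'   => 'Basic'),
    'malformed name'     => array('REMOTE_USER' => 'abc123@example.org',
                                  'AUTH_TYPE'   => 'Ucam-WebAuth'),
);

foreach ($samples as $label => $server) {
    $email = ucam_email_from_server($server);
    printf("%-20s %s\n", $label, $email === null ? 'REJECT' : $email);
}
```

In index.php the return value would replace the direct concatenation into `$ucamemail`, with a `null` result handled the same way as the unknown-user case.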