Eventum: Difference between revisions

No edit summary
 
Line 55: Line 55:
  exit;
  exit;
}
}
// handle aliases since the user is now authenticated
$_POST['email'] = User::getEmail(User::getUserIDByEmail($_POST['email'], true));


// check if this user is really an active one
// check if this user is really an active one

Revision as of 12:46, 23 September 2009

Eventum is a bug tracking system. See: http://forge.mysql.com/wiki/Eventum/

Notes

  • This is a very basic implementation of ucam_webauth. I advise that you start with a standard install, and then change the admin user's email address to your own (see next bullet point for format) before using this code.
  • This code assumes email addresses of the form CRSID@cam.ac.uk.
  • Eventum cookies aren't session cookies. When developing, it can help to clear cookies manually, esp. for anything to do with auth.
  • Users cannot be deleted except directly in the database, and not at all if they own any tickets. Users can, however, be made inactive.

Ravenising

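The only file that needs editing is index.php, where Eventum's usual login procedure is bypassed: the script takes the user's identity from REMOTE_USER, so index.php must only be reachable through a location that mod_ucam_webauth protects.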

<?php
// Modified by tdm27
// 2009-09-23

require_once(dirname(__FILE__) . '/init.php');
require_once(APP_INC_PATH . "class.template.php");
require_once(APP_INC_PATH . "class.auth.php");
require_once(APP_INC_PATH . "db_access.php");

// Refuse to continue unless the web server user can write to the template
// compile directory (templates_c); otherwise report the problem and stop.
if (!Misc::isWritableDirectory(APP_TPL_COMPILE_PATH)) {
    $errors = array(
        sprintf("Directory '%s' is not writable.", APP_TPL_COMPILE_PATH)
    );
    Misc::displayRequirementErrors($errors);
    exit;
}

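$tpl = new Template_API();
$tpl->setTemplate("index.tpl.html");

// A visitor who already holds a valid Eventum login cookie skips the login
// step and is sent straight to project selection.
if (Auth::hasValidCookie(APP_COOKIE)) {
    // Kept as in the original; the value is not used further in this script.
    $cookie = Auth::getCookieInfo(APP_COOKIE);

    // 'url' is request-controlled. Accept only a scalar string and
    // percent-encode it so it stays a single query-string value in the
    // redirect target (the post-login redirect in this script encodes it
    // as well).
    // NOTE(review): whether select_project.php restricts where 'url' may
    // point is not visible from this file -- confirm it only follows
    // local paths.
    if (!empty($_REQUEST["url"]) && is_string($_REQUEST["url"])) {
        $extra = '?url=' . urlencode($_REQUEST["url"]);
    } else {
        $extra = '';
    }
    Auth::redirect(APP_RELATIVE_URL . "select_project.php" . $extra);
}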


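/*
* Bits cribbed and mangled from login.php to make mod_ucam_webauth handle the login
* duties. We don't want to see a login box.  -- tdm27
*
* The identity used below is whatever the web server placed in REMOTE_USER.
* No password is checked here, so this script is only as trustworthy as the
* web server configuration that protects it.
*/

// Fail closed: if REMOTE_USER is missing or empty (for example because this
// location is not covered by mod_ucam_webauth), do not build an address such
// as "@cam.ac.uk" and carry on -- stop here instead.
if (!isset($_SERVER['REMOTE_USER']) || !is_string($_SERVER['REMOTE_USER']) || $_SERVER['REMOTE_USER'] === '') {
    print "<h3>Not authenticated. Sorry.</h3>\n";
    exit;
}

// Eventum identifies users by email address; this install assumes CRSID@cam.ac.uk.
$ucamemail = $_SERVER['REMOTE_USER'] . '@cam.ac.uk';

// check if user exists
if (!Auth::userExists($ucamemail)) {
    Auth::saveLoginAttempt($ucamemail, 'failure', 'unknown user');
    // login.php redirected to index.php?err=3 here. This script IS index.php
    // and logs in on every request, so a message is printed instead.
    print "<h3>Unknown user. Sorry.</h3>\n";
    exit;
}

// check if this user is really an active one
if (!Auth::isActiveUser($ucamemail)) {
    Auth::saveLoginAttempt($ucamemail, 'failure', 'inactive user');
    // The original redirected to index.php?err=7 (passing $is_popup, which is
    // never defined in this script). That target is this same script, which
    // would reject the same user and redirect again, so handle it like the
    // unknown-user case. The explicit exit guarantees an inactive account can
    // never fall through to the cookie/session creation below.
    print "<h3>Inactive user. Sorry.</h3>\n";
    exit;
}

Auth::saveLoginAttempt($ucamemail, 'success');

// Establish the Eventum login cookie and session for the authenticated user.
// NOTE(review): the @ hides any warning from createLoginCookie (carried over
// from login.php); a failure here would go unnoticed -- confirm it is wanted.
@Auth::createLoginCookie(APP_COOKIE, $ucamemail);
Session::init(User::getUserIDByEmail($ucamemail));

// redirect to the initial page
// NOTE(review): this reads $_POST, but with the login form bypassed there is
// presumably no POST to this script, while the cookie branch earlier in this
// file reads $_REQUEST -- confirm which source is intended.
if (!empty($_POST["url"]) && is_string($_POST["url"])) {
    $extra = '?url=' . urlencode($_POST["url"]);
} else {
    $extra = '';
}
Auth::redirect(APP_RELATIVE_URL . "select_project.php" . $extra);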