Eventum: Difference between revisions
From RavenWiki
Jump to navigationJump to search
No edit summary |
|||
| Line 55: | Line 55: | ||
exit; | exit; | ||
} | } | ||
// check if this user is really an active one | // check if this user is really an active one | ||
Revision as of 12:46, 23 September 2009
Eventum is a bug tracking system. See: http://forge.mysql.com/wiki/Eventum/
Notes
- This is a very basic implementation of ucam_webauth. I advise that you start with a standard install, and then change the admin user's email address to your own (see next bullet point for format) before using this code.
- This code assumes email addresses of the form CRSID@cam.ac.uk.
- Eventum cookies aren't session cookies. When developing, it can help to clear cookies manually, esp. for anything to do with auth.
- It's impossible to delete users, except in the database. And not if they own any tickets. Users can, however, be inactive.
Ravenising
The only file that needs editing is index.php, where the usual login procedures can be circumvented:
<?php
// Modified by tdm27
// 2009-09-23
require_once(dirname(__FILE__) . '/init.php');
require_once(APP_INC_PATH . "class.template.php");
require_once(APP_INC_PATH . "class.auth.php");
require_once(APP_INC_PATH . "db_access.php");
// check if templates_c is writable by the web server user
if (!Misc::isWritableDirectory(APP_TPL_COMPILE_PATH)) {
$errors = array("Directory '" . APP_TPL_COMPILE_PATH . "' is not writable.");
Misc::displayRequirementErrors($errors);
exit;
}
$tpl = new Template_API();
$tpl->setTemplate("index.tpl.html");
if (Auth::hasValidCookie(APP_COOKIE)) {
$cookie = Auth::getCookieInfo(APP_COOKIE);
if (!empty($_REQUEST["url"])) {
$extra = '?url=' . $_REQUEST["url"];
} else {
$extra = '';
}
Auth::redirect(APP_RELATIVE_URL . "select_project.php" . $extra);
}
/*
* Bits cribbed and mangled from login.php to make mod_ucam_webauth handle the login
* duties. We don't want to see a login box. -- tdm27
*
*/
$ucamemail=$_SERVER['REMOTE_USER'].'@cam.ac.uk';
// check if user exists
if (!Auth::userExists($ucamemail)) {
Auth::saveLoginAttempt($ucamemail, 'failure', 'unknown user');
// Auth::redirect(APP_RELATIVE_URL . "index.php?err=3");
print "<h3>Unknown user. Sorry.</h3>\n";
exit;
}
// check if this user is really an active one
if (!Auth::isActiveUser($ucamemail)) {
Auth::saveLoginAttempt($ucamemail, 'failure', 'inactive user');
Auth::redirect(APP_RELATIVE_URL . "index.php?err=7", $is_popup);
}
Auth::saveLoginAttempt($ucamemail, 'success');
// redirect to the initial page
@Auth::createLoginCookie(APP_COOKIE, $ucamemail);
Session::init(User::getUserIDByEmail($ucamemail));
if (!empty($_POST["url"])) {
$extra = '?url=' . urlencode($_POST["url"]);
} else {
$extra = '';
}
Auth::redirect(APP_RELATIVE_URL . "select_project.php" . $extra);
