1<?php
2# MantisBT - A PHP based bugtracking system
3
4# MantisBT is free software: you can redistribute it and/or modify
5# it under the terms of the GNU General Public License as published by
6# the Free Software Foundation, either version 2 of the License, or
7# (at your option) any later version.
8#
9# MantisBT is distributed in the hope that it will be useful,
10# but WITHOUT ANY WARRANTY; without even the implied warranty of
11# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12# GNU General Public License for more details.
13#
14# You should have received a copy of the GNU General Public License
15# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
16
17/**
18 * Mantis Configuration. View, edit, update a configuration option.
19 * @package MantisBT
20 * @copyright Copyright 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
21 * @copyright Copyright 2002  MantisBT Team - mantisbt-dev@lists.sourceforge.net
22 * @link http://www.mantisbt.org
23 *
24 * @uses core.php
25 * @uses access_api
26 * @uses config_api
27 * @uses constant_inc.php
28 * @uses error_api
29 * @uses form_api
30 * @uses gpc_api
31 * @uses helper_api
32 * @uses lang_api
33 * @uses layout_api
34 * @uses print_api
35 * @uses string_api
36 * @uses user_api
37 */
38
39require_once( 'core.php' );
40require_api( 'access_api.php' );
41require_api( 'config_api.php' );
42require_api( 'constant_inc.php' );
43require_api( 'error_api.php' );
44require_api( 'form_api.php' );
45require_api( 'gpc_api.php' );
46require_api( 'helper_api.php' );
47require_api( 'lang_api.php' );
48require_api( 'layout_api.php' );
49require_api( 'print_api.php' );
50require_api( 'string_api.php' );
51require_api( 'user_api.php' );
52
# Page-level gate. This is the first statement after the includes, so the
# view threshold is checked before any page output is produced.
# NOTE(review): access_ensure_global_level() is expected to end the request
# for users below the threshold - confirm in access_api.
$t_view_threshold = config_get( 'view_configuration_threshold' );
access_ensure_global_level( $t_view_threshold );

# Write access is a second, separately configured threshold. It is only
# recorded here; the decision to render an editable form is taken further
# down, where it is combined with the requested action and option.
$t_set_threshold = config_get( 'set_configuration_threshold' );
$t_has_write_access = access_has_global_level( $t_set_threshold );

# Standard layout header and the "manage" menus for this section.
$t_page_title = lang_get( 'configuration_report' );
layout_page_header( $t_page_title );
layout_page_begin( 'manage_overview_page.php' );

print_manage_menu( PAGE_CONFIG_DEFAULT );
print_manage_config_menu( 'adm_config_report.php' );
61
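# Get request values.
# All four come straight from the request and are untrusted: the two ids are
# read as integers, the option name and the action as free-form strings.
$f_edit_user_id         = gpc_get_int( 'user_id', ALL_USERS );
$f_edit_project_id      = gpc_get_int( 'project_id', ALL_PROJECTS );
$f_edit_option          = gpc_get_string( 'config_option', null );
$f_edit_action          = gpc_get_string( 'action', MANAGE_CONFIG_ACTION_VIEW );

# Ensure we exclusively use one of the defined, valid actions (XSS protection).
# $t_edit_action is later appended to a language-string key and echoed without
# escaping into a hidden form field, so it must never carry a raw request
# value. The comparison is strict so that the allow-list does not depend on
# PHP's loose type juggling.
# NOTE(review): strict matching assumes the MANAGE_CONFIG_ACTION_* constants
# are strings, like the value returned by gpc_get_string() - confirm in
# constant_inc.php.
$t_valid_actions = array(
	MANAGE_CONFIG_ACTION_CREATE,
	MANAGE_CONFIG_ACTION_CLONE,
	MANAGE_CONFIG_ACTION_EDIT,
	MANAGE_CONFIG_ACTION_VIEW
);
$t_edit_action = in_array( $f_edit_action, $t_valid_actions, true )
	? $f_edit_action
	: MANAGE_CONFIG_ACTION_CREATE;

# if not creating a new option, the option name is required
# (null: parameter missing from the request, '': parameter sent but empty)
if( MANAGE_CONFIG_ACTION_CREATE !== $t_edit_action
	&& ( null === $f_edit_option || '' === $f_edit_option )
) {
	error_parameters( 'config_option' );
	trigger_error( ERROR_EMPTY_FIELD, ERROR );
}

# see if the user can modify configuration options:
# the request must ask for something other than "view", the user must hold the
# write threshold, and config_can_delete() must accept the option name.
$t_modify = MANAGE_CONFIG_ACTION_VIEW !== $t_edit_action
		&& $t_has_write_access
		&& config_can_delete( $f_edit_option );

# if can't modify, switch action to "view"
# (fail closed: $t_modify also decides whether the form below gets a POST
# target, a security token and input controls)
if( !$t_modify ) {
	$t_edit_action = MANAGE_CONFIG_ACTION_VIEW;
}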
94
# Caption used for the widget title and the submit button. The key suffix is
# the validated action, not the raw 'action' request parameter.
$t_action_label = lang_get( 'set_configuration_option_action_' . $t_edit_action );

if( MANAGE_CONFIG_ACTION_CREATE == $t_edit_action ) {
	# Creating a new override: nothing to load, start from the request values
	# and defaults. $t_option_id is still the raw request string here and is
	# escaped with string_display_line() wherever the page prints it.
	$t_option_user_id = $f_edit_user_id;
	$t_option_project_id = $f_edit_project_id;
	$t_option_id = $f_edit_option;
	$t_option_type = CONFIG_TYPE_DEFAULT;
	$t_option_value = '';

	# An option name is optional at this point, but if one was supplied it has
	# to be an option config_get() can resolve. The sentinel is passed as the
	# default, so getting it back means the option is unknown.
	$t_not_found_value = '***CONFIG OPTION NOT FOUND***';
	if( null != $t_option_id
		&& config_get( $t_option_id, $t_not_found_value ) === $t_not_found_value
	) {
		error_parameters( $t_option_id );
		trigger_error( ERROR_CONFIG_OPT_NOT_FOUND, ERROR );
	}
} else {
	# View, edit or clone: load the stored row for exactly this combination of
	# option, user and project. The three request values reach the query as
	# bound parameters only, never as part of the SQL text.
	$t_sql = 'SELECT * FROM {config} WHERE config_id = :config AND user_id = :user AND project_id = :project';
	$t_params = array(
		'config' => $f_edit_option,
		'user' => $f_edit_user_id,
		'project' => $f_edit_project_id
	);
	$t_query = new DbQuery( $t_sql );
	$t_query->bind_values( $t_params );
	$t_config_row = $t_query->fetch();

	if( !$t_config_row ) {
		# no row for this exact option / user / project combination
		error_parameters( $f_edit_option );
		trigger_error( ERROR_CONFIG_OPT_NOT_FOUND, ERROR );
	}

	# From here on the page works with the stored values rather than with the
	# request; the two ids are cast to int before they are printed.
	$t_option_id = $t_config_row['config_id'];
	$t_option_type = $t_config_row['type'];
	$t_option_value = $t_config_row['value'];
	$t_option_user_id = (int)$t_config_row['user_id'];
	$t_option_project_id = (int)$t_config_row['project_id'];
}
136
# ---- Page output --------------------------------------------------------
# How each value reaches the HTML below:
# - $t_modify switches the whole form between editable and read-only. The
#   POST target, the form_security_field() token, the input controls and the
#   submit button are emitted only when it is true.
# - $t_option_id (request string or stored config_id) always goes through
#   string_display_line().
# - $t_option_user_id / $t_option_project_id are integers (gpc_get_int() or an
#   (int) cast) and are printed bare into the hidden fields.
# - $t_edit_action is printed bare; this is safe only because it was limited
#   to the MANAGE_CONFIG_ACTION_* constants earlier in this file.
# - $t_action_label is a lang_get() string printed without escaping, once as
#   element content and once inside an attribute. NOTE(review): this relies on
#   language strings being trusted content.
# - config_get_value_as_string() output is printed as returned, both inside
#   the textarea and in read-only mode. NOTE(review): escaping of the stored
#   value is left entirely to that helper - confirm it HTML-encodes in both
#   modes.
# - NOTE(review): the id "config-edit-div" is used on two elements.
?>

<div class="col-md-12 col-xs-12">
	<div class="space-10"></div>

	<div id="config-edit-div">
		<form id="config_set_form" method="post" action="<?= $t_modify ? 'adm_config_set.php' : '' ?>">

			<!-- Title -->
			<div class="widget-box widget-color-blue2">
				<div class="widget-header widget-header-small">
					<h4 class="widget-title lighter">
						<?php print_icon( 'fa-sliders', 'ace-icon' ); ?>
						<?= $t_action_label ?>
					</h4>
				</div>

				<div class="widget-body">
					<div class="widget-main no-padding">
						<div id="config-edit-div" class="form-container">
							<div class="table-responsive">

		<table class="table table-bordered table-condensed table-striped">
			<fieldset>
				<?php if( $t_modify ) { echo form_security_field( 'adm_config_set' ); } ?>

				<!-- Username -->
				<tr>
					<td class="category">
						<?= lang_get( 'username' ) ?>
					</td>
					<td>
						<?php if( $t_modify ): ?>
						<select id="config-user-id" name="user_id" class="input-sm">
							<option value="<?= ALL_USERS ?>"
								<?php check_selected( $t_option_user_id, ALL_USERS ) ?>>
								<?= lang_get( 'all_users' ) ?>
							</option>
							<?php print_user_option_list( $t_option_user_id ) ?>
						</select>
						<input type="hidden" name="original_user_id" value="<?= $t_option_user_id ?>" />
						<?php else:
							# user names are user-supplied data: escape before printing
							$t_username = ALL_USERS == $t_option_user_id
								? lang_get( 'all_users' )
								: user_get_name( $t_option_user_id );
							echo string_display_line( $t_username );
						endif; ?>
					</td>
				</tr>

				<!-- Project -->
				<tr>
					<td class="category">
						<?= lang_get( 'project_name' ) ?>
					</td>
					<td>
						<?php if( $t_modify ): ?>
						<select id="config-project-id" name="project_id" class="input-sm">
							<option value="<?= ALL_PROJECTS ?>"
								<?php check_selected( $t_option_project_id, ALL_PROJECTS ); ?>>
								<?= lang_get( 'all_projects' ) ?>
							</option>
							<?php print_project_option_list( $t_option_project_id, false ) ?>
						</select>
						<input type="hidden" name="original_project_id" value="<?= $t_option_project_id ?>" />
						<?php else:
							echo string_display_line( project_get_name( $t_option_project_id ) );
						endif; ?>
					</td>
				</tr>

				<!-- Config option name -->
				<tr>
					<td class="category">
						<?= lang_get( 'configuration_option' ) ?>
					</td>
					<td>
						<?php if( $t_modify ): ?>
						<input type="text" name="config_option" class="input-sm"
							   value="<?= string_display_line( $t_option_id ) ?>"
							   size="64" maxlength="64" />
						<input type="hidden" name="original_config_option" value="<?= string_display_line( $t_option_id ) ?>" />
						<?php else:
							echo string_display_line( $t_option_id );
						endif; ?>
					</td>
				</tr>

				<!-- Option type -->
				<tr>
					<td class="category">
						<?= lang_get( 'configuration_option_type' ) ?>
					</td>
					<td>
						<?php if( $t_modify ): ?>
						<select id="config-type" name="type" class="input-sm">
							<?php print_option_list_from_array( config_get_types(), $t_option_type ); ?>
						</select>
						<?php else:
							echo string_display_line( config_get_type_string( $t_option_type ) );
						endif; ?>
					</td>
				</tr>

				<!-- Option Value -->
				<tr>
					<td class="category">
						<?= lang_get( 'configuration_option_value' ) ?>
					</td>
					<td>
						<?php if( $t_modify ): ?>
						<textarea class="form-control" name="value" cols="80" rows="10"><?= config_get_value_as_string( $t_option_type, $t_option_value, false ) ?></textarea>
						<?php else:
							echo config_get_value_as_string( $t_option_type, $t_option_value, true );
						endif; ?>
					</td>
				</tr>
			</fieldset>
		</table>
							</div>

						</div>
						<div class="widget-toolbox padding-4 clearfix">
						<?php if( $t_modify ): ?>
							<input type="hidden" name="action" value="<?= $t_edit_action ?>" />
							<input type="submit" name="config_set" class="btn btn-primary btn-white btn-round"
								value="<?= $t_action_label ?>"/>
						<?php endif; ?>
						</div>
					</div>
				</div>
			</div>
		</form>
	</div>
</div>

<?php
layout_page_end();