PHP access_ensure_global_level函数代码示例

    $t_user_id = gpc_get_int('user_id');
} else {
    $t_user_id = user_get_id_by_name($f_username);
    if ($t_user_id === false) {
        # If we can't find the user by name, attempt to find by email.
        $t_user_id = user_get_id_by_email($f_username);
        if ($t_user_id === false) {
            error_parameters($f_username);
            trigger_error(ERROR_USER_BY_NAME_NOT_FOUND, ERROR);
        }
    }
}
$t_user = user_get_row($t_user_id);
# Ensure that the account to be updated is of equal or lower access to the
# current user.
access_ensure_global_level($t_user['access_level']);
$t_ldap = LDAP == config_get('login_method');
html_page_top();
print_manage_menu();
?>

<br />


<!-- USER INFO -->
<div align="center">
<form method="post" action="manage_user_update.php">
<?php 
echo form_security_field('manage_user_update');
?>
<table class="width75" cellspacing="1">

 * @uses lang_api.php
 * @uses print_api.php
 */
require_once 'core.php';
require_api('access_api.php');
require_api('authentication_api.php');
require_api('config_api.php');
require_api('current_user_api.php');
require_api('event_api.php');
require_api('form_api.php');
require_api('gpc_api.php');
require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');
auth_reauthenticate();
access_ensure_global_level(config_get('create_project_threshold'));
html_page_top();
print_manage_menu('manage_proj_create_page.php');
$f_parent_id = gpc_get('parent_id', null);
if (project_table_empty()) {
    echo '<br />';
    echo '<div id="create-first-project" class="important-msg">';
    echo '<ul>';
    echo '<li>' . lang_get('create_first_project') . '</li>';
    echo '</ul>';
    echo '</div>';
}
?>

<div id="manage-project-create-div" class="form-container">
	<form method="post" id="manage-project-create-form" action="manage_proj_create.php">

<?php

# Copyright (c) 2012 John Reese
# Licensed under the MIT license
require_once config_get('plugin_path') . 'Source/Source.ViewAPI.php';
access_ensure_global_level(plugin_config_get('view_threshold'));
$f_offset = gpc_get_int('offset', 1);
$f_perpage = 25;
require_once config_get('plugin_path') . 'Source' . DIRECTORY_SEPARATOR . 'Source.FilterAPI.php';
# Generate listing
list($t_filter, $t_permalink) = Source_Generate_Filter();
list($t_changesets, $t_count) = $t_filter->find($f_offset);
$t_repos = SourceRepo::load_by_changesets($t_changesets);
html_page_top1(plugin_lang_get('title'));
html_page_top2();
?>

<br/>
<table class="width100" align="center" cellspacing="1">

<tr>
<td class="form-title" colspan="2"><?php 
echo plugin_lang_get('search_changesets');
?>
</td>
<td class="right" colspan="2">
<?php 
print_bracket_link(plugin_page('search') . $t_permalink, plugin_lang_get('permalink'));
print_bracket_link(plugin_page('search_page') . $t_permalink, plugin_lang_get('modify_search'));
print_bracket_link(plugin_page('search_page'), plugin_lang_get('new_search'));
?>

    $t_email = email_append_domain(trim($f_email));
    email_ensure_valid($t_email);
    email_ensure_not_disposable($t_email);
}
$c_email = $t_email;
$c_username = $f_username;
$c_realname = $t_realname;
$c_protected = db_prepare_bool($f_protected);
$c_enabled = db_prepare_bool($f_enabled);
$c_user_id = db_prepare_int($f_user_id);
$c_access_level = db_prepare_int($f_access_level);
$t_user_table = db_get_table('user');
$t_old_protected = $t_user['protected'];
# Ensure that users aren't escalating privileges of accounts beyond their
# own global access level.
access_ensure_global_level($f_access_level);
# check that we are not downgrading the last administrator
$t_admin_threshold = config_get_global('admin_site_threshold');
if (user_is_administrator($f_user_id) && $f_access_level < $t_admin_threshold && user_count_level($t_admin_threshold) <= 1) {
    trigger_error(ERROR_USER_CHANGE_LAST_ADMIN, ERROR);
}
# Project specific access rights override global levels, hence, for users who are changed
# to be administrators, we have to remove project specific rights.
if ($f_access_level >= $t_admin_threshold && !user_is_administrator($f_user_id)) {
    user_delete_project_specific_access_levels($f_user_id);
}
# if the user is already protected and the admin is not removing the
#  protected flag then don't update the access level and enabled flag.
#  If the user was unprotected or the protected flag is being turned off
#  then proceed with a full update.
$query_params = array();

        $f_os_build = gpc_get_string('os_build');
        $f_description = gpc_get_string('description');
        if (profile_is_global($f_profile_id)) {
            access_ensure_global_level(config_get('manage_global_profile_threshold'));
            profile_update(ALL_USERS, $f_profile_id, $f_platform, $f_os, $f_os_build, $f_description);
            form_security_purge('profile_update');
            print_header_redirect('manage_prof_menu_page.php');
        } else {
            profile_update(auth_get_current_user_id(), $f_profile_id, $f_platform, $f_os, $f_os_build, $f_description);
            form_security_purge('profile_update');
            print_header_redirect('account_prof_menu_page.php');
        }
        break;
    case 'delete':
        if (profile_is_global($f_profile_id)) {
            access_ensure_global_level(config_get('manage_global_profile_threshold'));
            profile_delete(ALL_USERS, $f_profile_id);
            form_security_purge('profile_update');
            print_header_redirect('manage_prof_menu_page.php');
        } else {
            profile_delete(auth_get_current_user_id(), $f_profile_id);
            form_security_purge('profile_update');
            print_header_redirect('account_prof_menu_page.php');
        }
        break;
    case 'make_default':
        current_user_set_pref('default_profile', $f_profile_id);
        form_security_purge('profile_update');
        print_header_redirect('account_prof_menu_page.php');
        break;
}

<?php

/**************************************************************************
 MantisBT Seeder Plugin
 Copyright (c) MantisHub - Victor Boctor
 All rights reserved.
 MIT License
 **************************************************************************/
access_ensure_global_level(ADMINISTRATOR);
require_once dirname(dirname(__FILE__)) . '/core/Seeder.php';
html_page_top1();
html_meta_redirect(plugin_page('config_page'));
html_page_top2();
$f_create_issues = gpc_isset('create_issues');
$g_enable_email_notification = OFF;
$t_seeder = new Seeder();
if ($f_create_issues !== OFF) {
    $t_project_ids = $t_seeder->createProjects();
    $t_seeder->createIssues($t_project_ids);
}
echo '<div class="success-msg">';
echo lang_get('operation_successful');
echo '</div>';
html_page_bottom();

/**
 * Delete a tag with the given ID.
 * @param integer Tag ID
 */
function tag_delete($p_tag_id)
{
    tag_ensure_exists($p_tag_id);
    access_ensure_global_level(config_get('tag_edit_threshold'));
    $t_bugs = tag_get_bugs_attached($p_tag_id);
    foreach ($t_bugs as $t_bug_id) {
        tag_bug_detach($p_tag_id, $t_bug_id);
    }
    $c_tag_id = db_prepare_int($p_tag_id);
    $t_tag_table = config_get('mantis_tag_table');
    $t_bug_tag_table = config_get('mantis_bug_tag_table');
    $query = "DELETE FROM {$t_tag_table}\r\n\t\t\t\t\tWHERE id='{$c_tag_id}'";
    db_query($query);
    return true;
}

# --------------------------------------------------------
# This page stores the reported bug
require_once 'core.php';
$t_core_path = config_get('core_path');
# helper_ensure_post();
$f_user_id = gpc_get_int('user_id');
$f_project_id = gpc_get_int('project_id');
$f_config_option = gpc_get_string('config_option');
$f_type = gpc_get_string('type');
$f_value = gpc_get_string('value');
if (is_blank($f_config_option)) {
    error_parameters('config_option');
    trigger_error(ERROR_EMPTY_FIELD, ERROR);
}
if ($f_project_id == ALL_PROJECTS) {
    access_ensure_global_level(config_get('set_configuration_threshold'));
} else {
    access_ensure_project_level(config_get('set_configuration_threshold'), $f_project_id);
}
# make sure that configuration option specified is a valid one.
$t_not_found_value = '***CONFIG OPTION NOT FOUND***';
if (config_get_global($f_config_option, $t_not_found_value) === $t_not_found_value) {
    error_parameters($f_config_option);
    trigger_error(ERROR_CONFIG_OPT_NOT_FOUND, ERROR);
}
# make sure that configuration option specified can be stored in the database
if (!config_can_set_in_database($f_config_option)) {
    error_parameters($f_config_option);
    trigger_error(ERROR_CONFIG_OPT_CANT_BE_SET_IN_DB, ERROR);
}
if ($f_type === 'default') {

/**
 * Uninstall a plugin from the database.
 * @param MantisPlugin $p_plugin Plugin basename.
 * @return void
 */
function plugin_uninstall(MantisPlugin $p_plugin)
{
    access_ensure_global_level(config_get_global('manage_plugin_threshold'));
    if (!plugin_is_installed($p_plugin->basename) || plugin_protected($p_plugin->basename)) {
        return;
    }
    db_param_push();
    $t_query = 'DELETE FROM {plugin} WHERE basename=' . db_param();
    db_query($t_query, array($p_plugin->basename));
    plugin_push_current($p_plugin->basename);
    $p_plugin->uninstall();
    plugin_pop_current();
}

<?php

require_once __DIR__ . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR . 'core' . DIRECTORY_SEPARATOR . 'uvConst.php';
require_once __DIR__ . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR . 'core' . DIRECTORY_SEPARATOR . 'userprojectapi.php';
auth_reauthenticate();
access_ensure_global_level(plugin_config_get('UserProjectAccessLevel'));
html_page_top1(plugin_lang_get('config_title'));
html_page_top2();
print_manage_menu();
echo '<script type="text/javascript" src="plugins/UserProjectView/javascript/jscolor/jscolor.js"></script>';
echo '<br/>';
echo '<form action="' . plugin_page('config_update') . '" method="post">';
echo form_security_field('plugin_UserProjectView_config_update');
if (userprojectapi::is_mantis_rel()) {
    echo '<table align="center" class="width75" cellspacing="1">';
} else {
    echo '<div class="form-container">';
    echo '<table>';
}
print_config_table_title_row(5, 'config_caption');
print_config_table_row();
echo '<td class="category" colspan="2">';
echo '<span class="required">*</span>' . plugin_lang_get('config_accesslevel');
echo '</td>';
echo '<td width="100px" colspan="5">';
echo '<select name="UserProjectAccessLevel">';
print_enum_string_option_list('access_levels', plugin_config_get('UserProjectAccessLevel', PLUGINS_USERPROJECTVIEW_THRESHOLD_LEVEL_DEFAULT));
echo '</select>';
echo '</td>';
echo '</tr>';
print_config_table_row();

/**
 * Delete a tag with the given ID.
 * @param integer $p_tag_id The tag ID to delete.
 * @return boolean
 */
function tag_delete($p_tag_id)
{
    tag_ensure_exists($p_tag_id);
    access_ensure_global_level(config_get('tag_edit_threshold'));
    $t_bugs = tag_get_bugs_attached($p_tag_id);
    foreach ($t_bugs as $t_bug_id) {
        tag_bug_detach($p_tag_id, $t_bug_id);
    }
    $t_query = 'DELETE FROM {tag} WHERE id=' . db_param();
    db_query($t_query, array($p_tag_id));
    return true;
}

 * @copyright Copyright 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright 2002  MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 *
 * @uses core.php
 * @uses access_api.php
 * @uses config_api.php
 * @uses constant_inc.php
 * @uses html_api.php
 * @uses lang_api.php
 */
require_once 'core.php';
require_api('access_api.php');
require_api('config_api.php');
require_api('constant_inc.php');
require_api('html_api.php');
require_api('lang_api.php');
if (!config_get('time_tracking_enabled')) {
    trigger_error(ERROR_ACCESS_DENIED, ERROR);
}
access_ensure_global_level(config_get('time_tracking_reporting_threshold'));
html_page_top(lang_get('time_tracking_billing_link'));
?>

<br />

<?php 
# Work break-down
define('BILLING_INC_ALLOW', true);
include dirname(__FILE__) . DIRECTORY_SEPARATOR . 'billing_inc.php';
html_page_bottom();

<?php

auth_reauthenticate();
access_ensure_global_level(config_get('AccessLevel'));
form_security_validate('plugin_StoryBoard_config_update');
require_once STORYBOARD_CORE_URI . 'storyboard_constant_api.php';
require_once STORYBOARD_CORE_URI . 'storyboard_config_api.php';
require_once STORYBOARD_CORE_URI . 'storyboard_db_api.php';
$storyboard_config_api = new storyboard_config_api();
$storyboard_db_api = new storyboard_db_api();
$option_change = gpc_get_bool('change', false);
$option_addtype = gpc_get_bool('addtype', false);
$option_deltype = gpc_get_bool('deletetype', false);
$option_changetype = gpc_get_bool('changetype', false);
/**
 * Submit configuration changes
 */
if ($option_change) {
    $storyboard_config_api->updateValue('AccessLevel', ADMINISTRATOR);
    $storyboard_config_api->updateButton('ShowInFooter');
    if (!empty($_POST['status_cols'])) {
        foreach ($_POST['status_cols'] as $status_cols) {
            $status_cols = gpc_get_int_array('status_cols');
            if (plugin_config_get('status_cols') != $status_cols) {
                plugin_config_set('status_cols', $status_cols);
            }
        }
    }
}
/**
 * Add a type

# MantisBT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
/**
 * Display warning to users before upgrading MantisBT
 * @package MantisBT
 * @copyright Copyright 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright 2002  MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 */
require_once dirname(dirname(__FILE__)) . '/core.php';
access_ensure_global_level(config_get_global('admin_site_threshold'));
$g_error_send_page_header = false;
# suppress page headers in the error handler
# @@@ upgrade list moved to the bottom of upgrade_inc.php
$f_advanced = gpc_get_bool('advanced', false);
html_begin();
?>
<head>
<title>MantisBT Administration - Check Installation </title>
<link rel="stylesheet" type="text/css" href="admin.css" />
</head>
<body>

<table width="100%" cellspacing="0" cellpadding="0" bgcolor="#ffffff">
	<tr class="top-bar">
		<td class="links">

<?php

require_once 'core/json_api.php';
set_error_handler('json_error_handler');
access_ensure_global_level(plugin_config_get('manage_customers_threshold'));
form_security_validate('manage_customers');
$contents = '';
switch ($_POST['action']) {
    case 'deleteGroup':
        CustomerManagementDao::deleteGroup(gpc_get_int('customerGroupId'));
        break;
    case 'deleteService':
        CustomerManagementDao::deleteService(gpc_get_int('serviceId'));
        break;
    case 'deleteCustomer':
        CustomerManagementDao::deleteCustomer(gpc_get_int('customerId'));
        break;
    case 'saveGroup':
        CustomerManagementDao::saveGroup(gpc_get_int('id', null), gpc_get_string('name'));
        break;
    case 'saveService':
        CustomerManagementDao::saveService(gpc_get_int('id', null), gpc_get_string('name'));
        break;
    case 'saveCustomer':
        CustomerManagementDao::saveCustomer(gpc_get_int('id', null), gpc_get_string('name'), gpc_get_int('customer_group_id'), gpc_get_string('email'), gpc_get_int_array('service_id', array()));
        break;
    case 'sendNotification':
        CustomerNotifier::notifyCustomers(gpc_get_int_array('customer_id'), gpc_get_string('from'), gpc_get_string('to'));
        break;
    case 'previewNotification':
        $contents = CustomerNotifier::buildNotificationEmails(gpc_get_int_array('customer_id'), gpc_get_string('from'), gpc_get_string('to'));