redmine

Initial commit

config.php
... ...
[submodule "lib/php-redmine-api"]
path = lib/php-redmine-api
url = https://github.com/kbsali/php-redmine-api
... ...
<?php
define('REDMINE_URL', 'http://redmine.ut.mephi.ru');
define('REDMINE_WHITEPORT', ':81');
define('REDMINE_LOGIN', 'PrivateManager');
define('REDMINE_PASSWORD', 'somepasswordhere');
define('MYSQL_SERVER', '127.0.0.1:3306');
define('MYSQL_USER', 'privatemanager');
define('MYSQL_PASSWORD', 'somepasswordheretoo');
define('MYSQL_DB', 'redmine_default');
?>
... ...
<?php
require_once("config.php");
$cookiestr = '_redmine_default=' . $_COOKIE['_redmine_default'] . '; path=/';
function out($ret, $curl_handler, $contenttype) {
header('Content-Type: '.$contenttype);
print $ret;
curl_close($curl_handler);
exit(0);
}
function request($uri, $method=NULL) {
global $cookiestr;
if(is_null($method))
$method = $_SERVER['REQUEST_METHOD'];
$curl_handler = curl_init();
curl_setopt($curl_handler, CURLOPT_URL, REDMINE_URL.REDMINE_WHITEPORT.'/'.$uri);
switch($method) {
case 'GET':
break;
case 'POST':
$post_data = file_get_contents("php://input");
curl_setopt($curl_handler, CURLOPT_POSTFIELDS, $post_data);
curl_setopt($curl_handler, CURLOPT_POST, 1);
break;
case 'PUT';
$post_data = file_get_contents("php://input");
curl_setopt($curl_handler, CURLOPT_POSTFIELDS, $post_data);
curl_setopt($curl_handler, CURLOPT_PUT, 1);
break;
default:
curl_setopt($curl_handler, CURLOPT_CUSTOMREQUEST, $method);
break;
}
curl_setopt($curl_handler, CURLOPT_COOKIE, $cookiestr);
curl_setopt($curl_handler, CURLOPT_RETURNTRANSFER, 1);
$ret = curl_exec($curl_handler);
return array($ret, $curl_handler, curl_getinfo($curl_handler, CURLINFO_CONTENT_TYPE));
}
function permit() {
global $path, $dir;
list($ret, $curl_handler, $contenttype) = request($dir.$path);
out($ret, $curl_handler, $contenttype);
}
function login() {
global $path, $dir;
header('Location: '.REDMINE_URL.'/login?back_url='.urlencode(REDMINE_URL.'/'.$dir.$path));
exit(0);
}
function error() {
header('Location: '.REDMINE_URL);
exit(0);
}
//$path = preg_replace('%^.*/attachments/download%', '', $_GET['path']);
if (strstr($_SERVER['REQUEST_URI'], '/attachments/download/')) {
$dir = 'attachments/download';
} else
$dir = 'attachments';
$path = preg_replace('%^.*'.$dir.'%', '', $_SERVER['REQUEST_URI']);
if(preg_match('%^/[0-9]*/private_%', $path) == 0)
permit();
list($ret, $curl_handler) = request('my/account', 'GET');
curl_close($curl_handler);
if(preg_match('%<p>Login:\s*<strong><a href="/users/([0-9]*)" class="user active">([^<]*)</a></strong><br\s*/>%', $ret, $matches) == 0)
login();
$user_id = $matches[1];
$user_login = $matches[2];
@mysql_connect(MYSQL_SERVER, MYSQL_USER, MYSQL_PASSWORD);
mysql_select_db(MYSQL_DB);
$result = mysql_query('SELECT `admin` FROM `users` WHERE `id`="'.mysql_real_escape_string($user_id).'"');
if($result === FALSE)
error();
$row = mysql_fetch_assoc($result);
if($row['admin'] != 0)
permit();
preg_match('%/([0-9]*)/(.*)$%', $path, $matches);
$attachment_id = $matches[1];
$attachment_name = $matches[2];
require_once "lib/php-redmine-api/lib/Redmine/Client.php";
require_once "lib/php-redmine-api/lib/Redmine/Api/AbstractApi.php";
require_once "lib/php-redmine-api/lib/Redmine/Api/User.php";
require_once "lib/php-redmine-api/lib/Redmine/Api/Issue.php";
require_once "lib/php-redmine-api/lib/Redmine/Api/Project.php";
require_once "lib/php-redmine-api/lib/Redmine/Api/Attachment.php";
$redmine = new Redmine\Client(REDMINE_URL, REDMINE_LOGIN, REDMINE_PASSWORD);
#$user = $redmine->api('user')->show($user_id);
#
#if ($user['user']['admin'] != 0)
# permit();
$result = mysql_query('SELECT `container_id` FROM `attachments` WHERE `id`="'.mysql_real_escape_string($attachment_id).'"');
if($result === FALSE)
error();
$row = mysql_fetch_assoc($result);
if(!$row)
error();
$issue = $redmine->api('issue')->show($row['container_id']);
$project = $redmine->api('project')->show($issue['issue']['project']['id']);
$result = mysql_query('SELECT `1` FROM `members` WHERE `project_id`="'.mysql_real_escape_string($project['project']['id']).'" AND `user_id`="'.mysql_real_escape_string($user_id).'"');
if($result !== FALSE)
permit();
?>
... ...
php-redmine-api @ f7c1ab43
Subproject commit f7c1ab4354dfaccb55e47ab12b74f04513157656
... ...