From afb7d138833b7c932e24e7ed7544c4d274169752 Mon Sep 17 00:00:00 2001
From: prescience <prescience@f5dc347c-c33d-0410-90a0-b07cc1902cb9>
Date: Sat, 17 Mar 2001 04:45:03 +0000
Subject: [PATCH] new files

git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@242 f5dc347c-c33d-0410-90a0-b07cc1902cb9
---
 info.php3     |  84 +++++++++++++++++++++++++++++++
 release.php3  | 135 ++++++++++++++++++++++++++++++++++++++++++++++++++
 security.php3 |  47 ++++++++++++++++++
 3 files changed, 266 insertions(+)
 create mode 100644 info.php3
 create mode 100644 release.php3
 create mode 100644 security.php3

diff --git a/info.php3 b/info.php3
new file mode 100644
index 0000000..153db76
--- /dev/null
+++ b/info.php3
@@ -0,0 +1,84 @@
+<html>
+<head>
+<style>
+body { background-color:#ffffff; font-family:Verdana, Arial; font-size=10pt }
+td {  font-family:Verdana, Arial; font-size=10pt }
+p {  font-family:Verdana, Arial; font-size=10pt }
+</style>
+<title>Mantis</title>
+</head>
+<body>
+
+<p>
+<div align=center>
+	<h2>Mantis</h2>
+	Last modified: <? echo date( "M d, Y - H:m", getlastmod() )?>
+</div>
+
+<p>
+<div align=center>
+
+<table width=100%>
+<tr valign=top>
+	<? include("side_menu.php3") ?>
+<td>
+<p>
+<b><font size=+1>Information</font></b>
+
+<p>
+<b>Example of Use</b>
+<p>
+The following is a basic description of what I envisioned when developing the system.
+<p>
+Access level have been broken into the following:
+<ul>
+<li>viewer
+<li>reporter
+<li>updater
+<li>developer
+<li>manager
+<li>administrator
+</ul>
+Viewers should be considered outsiders to the system.  They have no rights to change or add to any of the data.  This is a useful state for anonymous or guest accounts.  Project teams that wish to allow public access to a bug database but do not wish for more can use this access level.
+<p>
+Reporters are your basic users who report bugs or request features.  Most of the time these will be your customers or testers.
+<p>
+Updaters are basically privileged reporters.  They are allowed to update the status of a bug.  This can range from confirming a bug, assigning it to the proper developer, or even resolving a bug.  Examples would be experienced beta testers or trusted members of the product community (helpful power users).
+<p>
+Developers should be self-explanatory.  These are the people who actually work on the project/product.
+<p>
+Managers are also Developers but also have the power to control access to projects.  They are assigned ownership of a project on a per project basis.  This is similar to a forum moderator.
+<p>
+Administrators are the people who have total control over the system.  Yes, they can even screw up the project.  In principle, these accounts shouldn't be used except for administrative functions.  Theses might include creating new projects, assigning managers to projects, or making system changes.
+<p>
+The typical cycle for a bug would be as follows:
+<ul>
+<li>User downloads/buys product and starts using it.
+<li>User discovers what he considers a bug.
+<li>User returns to the product webpage to see if there is a fix or workaround.
+<li>User sees that there is a public bugtracker and goes to see if his bug is listed there.
+<li>User doesn't find it and so reports it.
+<li>Updater comes by and notices a NEW bug and reads it.
+<li>Updater decides that the bug is legitimate and so ASSIGNS it to a developer.
+<li>Developer is notified and discovers he needs more information.
+<li>Developer adds a note requesting information and sets the bug to FEEDBACK status.
+<li>User recieves an email requesting more information and returns to give it.
+<li>Developer and User correspond via bugnotes until the information needed is retrieved.
+<li>Developer fixes bug and posts fix or workaround.
+<li>Developer RESOLVES the bug.
+</ul>
+<p>
+<b>Navigation</b>
+<p>
+My biggest problem with every web based bugtracking package that I have come across is that the interfaces are inadequate.  Most of the time I go to a bugtracker for one of two reasons: 1) I want to file a bug.  2) I want to browse recent, open bugs.  All of the bugtrackers that I have seen up to this point made is difficult to do 2.  Most of the time they use poor language like 'generate reports'.  Almost all seem to think that the first thing you'd like to do when entering a bugtracker is to query for a bug by its ID.  I find that bug IDs are the last thing I remember and I think it's an extremely poor choice to be presented to a new visitor.  My interface reflects this disatisfaction.  All major actions are available via the menu bar, thus navigation is simple and quick.
+</td>
+</tr>
+</table>
+
+<p>
+<div align=right>
+<A href="http://sourceforge.net"> <IMG src="http://sourceforge.net/sflogo.php?group_id=14963" width="88" height="31" border="0" alt="SourceForge Logo"></A>
+</div>
+
+</body>
+</html>
\ No newline at end of file
diff --git a/release.php3 b/release.php3
new file mode 100644
index 0000000..25ccb3c
--- /dev/null
+++ b/release.php3
@@ -0,0 +1,135 @@
+<?
+	function print_item($type,$old,$new,$notes) {
+		PRINT "<tr>";
+			PRINT "<td>";
+				echo $type;
+			PRINT "</td>";
+			PRINT "<td>";
+				echo $old;
+			PRINT "</td>";
+			PRINT "<td>";
+				echo $new;
+			PRINT "</td>";
+			PRINT "<td>";
+				echo $notes;
+			PRINT "</td>";
+		PRINT "</tr>";
+	}
+
+	function print_table($title,$color) {
+		PRINT "<tr align=center bgcolor=$color>";
+			PRINT "<td colspan=4>";
+				PRINT "<b>$title</b>";
+			PRINT "</td>";
+		PRINT "</tr>";
+		PRINT "<tr bgcolor=#eeeeee>";
+			PRINT "<td width=10%>Action</td>";
+			PRINT "<td width=20%>Old Value</td>";
+			PRINT "<td width=20%>New Value</td>";
+			PRINT "<td width=50%>Notes</td>";
+		PRINT "</tr>";
+	}
+
+	function print_release($version,$date,$message) {
+		PRINT "<table width=100% bgcolor=#aaaaaa cellspacing=1 border=0>";
+		PRINT "<tr bgcolor=#bbddff>";
+			PRINT "<td>";
+			PRINT "<b>$version</b> - $date";
+			PRINT "</td>";
+		PRINT "</tr>";
+		PRINT "<tr bgcolor=#ffffff>";
+			PRINT "<td>";
+			PRINT "<p>";
+			PRINT "$message";
+			PRINT "<p>";
+	}
+
+	function print_modified($list) {
+		$list_arr = explode(" ",$list);
+		$file_count = count( $list_arr );
+			###<!-- MODIFIED FILES ------------------- -->
+			PRINT "<p>";
+			PRINT "<b>Modified Files</b>";
+			PRINT "<ul>";
+				for ($i=0;$i<$file_count;$i++) {
+					if (!empty($list_arr[$i])) {
+						PRINT "<li>$list_arr[$i]";
+					}
+				}
+			PRINT "</ul>";
+			PRINT "</td>";
+		PRINT "</tr>";
+		PRINT "</table>";
+	}
+?>
+<html>
+<head>
+<style>
+body { background-color:#ffffff; font-family:Verdana, Arial; font-size=10pt }
+td {  font-family:Verdana, Arial; font-size=10pt }
+p {  font-family:Verdana, Arial; font-size=10pt }
+</style>
+<title>Mantis</title>
+</head>
+<body>
+
+<p>
+<div align=center>
+	<h2>Mantis</h2>
+	Last modified: <? echo date( "M d, Y - H:m", getlastmod() )?>
+</div>
+
+<p>
+<div align=center>
+
+<table width=100%>
+<tr valign=top>
+	<? include("side_menu.php3") ?>
+<td>
+<p>
+<b><font size=+1>Release Notes</font></b>
+
+<p>
+This is a preliminary draft of the release notes.
+<p>
+
+<!-- BEGIN 0.15.0 --------------------------------------------- -->
+	<? print_release("0.1.0","July 3, 1977",
+					"This release really doesn't do much"); ?>
+
+	<!-- GLOBALS ------------------- -->
+	<table width=100%>
+	<? print_table("Globals","#ddddff") ?>
+
+	<? print_item("delete","g_garbage","","This is no longer used.  It has been deprecated by g_trash") ?>
+	<? print_item("add","","g_new_val","Added new variable") ?>
+	<? print_item("rename","g_var1","g_variable","New naming scheme") ?>
+	</table>
+
+	<!-- FILES ------------------- -->
+	<p>
+	<table width=100%>
+	<? print_table("Files","#ffdddd") ?>
+
+	<? print_item("delete","delete_me.php","","This is no longer used.") ?>
+	<? print_item("add","","new_page_me.php","") ?>
+	<? print_item("rename","ok.php","better.php","") ?>
+	</table>
+	<p>
+
+	<!-- MODIFIED FILES ------------------- -->
+	<? print_modified("config_inc.php core_API.php") ?>
+	<hr>
+<!-- END 0.15.0 --------------------------------------------- -->
+
+</td>
+</tr>
+</table>
+
+<p>
+<div align=right>
+<A href="http://sourceforge.net"> <IMG src="http://sourceforge.net/sflogo.php?group_id=14963" width="88" height="31" border="0" alt="SourceForge Logo"></A>
+</div>
+
+</body>
+</html>
\ No newline at end of file
diff --git a/security.php3 b/security.php3
new file mode 100644
index 0000000..49c45ae
--- /dev/null
+++ b/security.php3
@@ -0,0 +1,47 @@
+<html>
+<head>
+<style>
+body { background-color:#ffffff; font-family:Verdana, Arial; font-size=10pt }
+td {  font-family:Verdana, Arial; font-size=10pt }
+p {  font-family:Verdana, Arial; font-size=10pt }
+</style>
+<title>Mantis</title>
+</head>
+<body>
+
+<p>
+<div align=center>
+	<h2>Mantis</h2>
+	Last modified: <? echo date( "M d, Y - H:m", getlastmod() )?>
+</div>
+
+<p>
+<div align=center>
+
+<table width=100%>
+<tr valign=top>
+	<? include("side_menu.php3") ?>
+<td>
+<p>
+<b><font size=+1>Security</font></b>
+
+<p>
+<b>Show Source</b> - Warning
+<p>
+Letting users see the complete source can be a security hazard.  This can happen if you set $g_show_source to something other than 0 or 1.  Users can replace the f_url in the URL with any file available on the system.
+
+<p>
+<b>Passwords</b> - Information
+<p>
+Currently the passwords are run through the crypt() function before being stored.  crypt() is a one way function; this means that you cannot obtain the original password from the crypt()ed password.  This ensures that the user passwords are not readable should the database be cracked into (Note: this doesn't mean they are uncrackable, enough time and processing power and brute force will reveal most passwords).  However, your username and password are most likely being transmitted in clear text.  You will have to use a ssl (https) connection to protect transmission.
+</td>
+</tr>
+</table>
+
+<p>
+<div align=right>
+<A href="http://sourceforge.net"> <IMG src="http://sourceforge.net/sflogo.php?group_id=14963" width="88" height="31" border="0" alt="SourceForge Logo"></A>
+</div>
+
+</body>
+</html>
\ No newline at end of file