From 48b2b05f20f20252ff53735793c42ca03cff9e7f Mon Sep 17 00:00:00 2001
From: FusionPBX
Date: Tue, 9 Aug 2016 16:13:56 -0600
Subject: [PATCH] Update user_edit.php

---
 core/user_settings/user_edit.php | 504 +++++++++++++++----------------
 1 file changed, 250 insertions(+), 254 deletions(-)

diff --git a/core/user_settings/user_edit.php b/core/user_settings/user_edit.php
index 24305eb8bb..bbd36d9c65 100644
--- a/core/user_settings/user_edit.php
+++ b/core/user_settings/user_edit.php
@@ -23,17 +23,20 @@ Contributor(s): Mark J Crane
  */
-include "root.php";
-require_once "resources/require.php";
-require_once "resources/check_auth.php";
-if (permission_exists("user_account_setting_view")) {
- //access granted
-}
-else {
- echo "access denied";
- return;
-}
+//includes
+ include "root.php";
+ require_once "resources/require.php";
+ require_once "resources/check_auth.php";
+
+//check permissions
+ if (permission_exists("user_account_setting_view")) {
+ //access granted
+ }
+ else {
+ echo "access denied";
+ return;
+ }
 //add multi-lingual support
 $language = new text;
@@ -74,196 +77,197 @@ else {
 }
 }
-if (count($_POST)>0 && $_POST["persistform"] != "1") {
-
- //get the HTTP values and set as variables
- $password = check_str($_POST["password"]);
- $password_confirm = check_str($_POST["password_confirm"]);
- $user_status = check_str($_POST["user_status"]);
- $user_template_name = check_str($_POST["user_template_name"]);
- $user_language = check_str($_POST["user_language"]);
- $user_time_zone = check_str($_POST["user_time_zone"]);
- $group_member = check_str($_POST["group_member"]);
-
- //check required values
- if ($password != $password_confirm) { $msg_error = $text['message-password_mismatch']; }
-
- if ($msg_error != '') {
- $_SESSION["message"] = $msg_error;
- $_SESSION["message_mood"] = 'negative';
- header("Location: user_edit.php");
- exit;
- }
-
- if (!check_password_strength($password, $text)) {
- header("Location: user_edit.php");
- exit;
- }
-
- //check to see if user language is set
- $sql = "select count(*) as num_rows from v_user_settings ";
- $sql .= "where user_setting_category = 'domain' ";
- $sql .= "and user_setting_subcategory = 'language' ";
- $sql .= "and user_uuid = '".$user_uuid."' ";
- $prep_statement = $db->prepare(check_sql($sql));
- if ($prep_statement) {
- $prep_statement->execute();
- $row = $prep_statement->fetch(PDO::FETCH_ASSOC);
- if ($row['num_rows'] == 0) {
- $user_setting_uuid = uuid();
- $sql = "insert into v_user_settings ";
- $sql .= "(";
- $sql .= "domain_uuid, ";
- $sql .= "user_setting_uuid, ";
- $sql .= "user_setting_category, ";
- $sql .= "user_setting_subcategory, ";
- $sql .= "user_setting_name, ";
- $sql .= "user_setting_value, ";
- $sql .= "user_setting_enabled, ";
- $sql .= "user_uuid ";
- $sql .= ") ";
- $sql .= "values ";
- $sql .= "(";
- $sql .= "'".$_SESSION["domain_uuid"]."', ";
- $sql .= "'".$user_setting_uuid."', ";
- $sql .= "'domain', ";
- $sql .= "'language', ";
- $sql .= "'code', ";
- $sql .= "'".$user_language."', ";
- $sql .= "'true', ";
- $sql .= "'".$user_uuid."' ";
- $sql .= ")";
- $db->exec(check_sql($sql));
+//process http post data
+ if (count($_POST) > 0 && $_POST["persistform"] != "1") {
+
+ //get the HTTP values and set as variables
+ $password = check_str($_POST["password"]);
+ $password_confirm = check_str($_POST["password_confirm"]);
+ $user_status = check_str($_POST["user_status"]);
+ $user_template_name = check_str($_POST["user_template_name"]);
+ $user_language = check_str($_POST["user_language"]);
+ $user_time_zone = check_str($_POST["user_time_zone"]);
+ $group_member = check_str($_POST["group_member"]);
+
+ //check required values
+ if ($password != $password_confirm) { $msg_error = $text['message-password_mismatch']; }
+
+ if ($msg_error != '') {
+ $_SESSION["message"] = $msg_error;
+ $_SESSION["message_mood"] = 'negative';
+ header("Location: user_edit.php");
+ exit;
 }
- else {
- if (strlen($user_language) == 0) {
- $sql = "delete from v_user_settings ";
- $sql .= "where user_setting_category = 'domain' ";
- $sql .= "and user_setting_subcategory = 'language' ";
- $sql .= "and user_uuid = '".$user_uuid."' ";
+
+ if (!check_password_strength($password, $text)) {
+ header("Location: user_edit.php");
+ exit;
+ }
+
+ //check to see if user language is set
+ $sql = "select count(*) as num_rows from v_user_settings ";
+ $sql .= "where user_setting_category = 'domain' ";
+ $sql .= "and user_setting_subcategory = 'language' ";
+ $sql .= "and user_uuid = '".$user_uuid."' ";
+ $prep_statement = $db->prepare(check_sql($sql));
+ if ($prep_statement) {
+ $prep_statement->execute();
+ $row = $prep_statement->fetch(PDO::FETCH_ASSOC);
+ if ($row['num_rows'] == 0) {
+ $user_setting_uuid = uuid();
+ $sql = "insert into v_user_settings ";
+ $sql .= "(";
+ $sql .= "domain_uuid, ";
+ $sql .= "user_setting_uuid, ";
+ $sql .= "user_setting_category, ";
+ $sql .= "user_setting_subcategory, ";
+ $sql .= "user_setting_name, ";
+ $sql .= "user_setting_value, ";
+ $sql .= "user_setting_enabled, ";
+ $sql .= "user_uuid ";
+ $sql .= ") ";
+ $sql .= "values ";
+ $sql .= "(";
+ $sql .= "'".$_SESSION["domain_uuid"]."', ";
+ $sql .= "'".$user_setting_uuid."', ";
+ $sql .= "'domain', ";
+ $sql .= "'language', ";
+ $sql .= "'code', ";
+ $sql .= "'".$user_language."', ";
+ $sql .= "'true', ";
+ $sql .= "'".$user_uuid."' ";
+ $sql .= ")";
 $db->exec(check_sql($sql));
- unset($sql);
 }
 else {
- $sql = "update v_user_settings set ";
- $sql .= "user_setting_value = '".$user_language."', ";
- $sql .= "user_setting_enabled = 'true' ";
- $sql .= "where user_setting_category = 'domain' ";
- $sql .= "and user_setting_subcategory = 'language' ";
- $sql .= "and user_uuid = '".$user_uuid."' ";
- $db->exec(check_sql($sql));
+ if (strlen($user_language) == 0) {
+ $sql = "delete from v_user_settings ";
+ $sql .= "where user_setting_category = 'domain' ";
+ $sql .= "and user_setting_subcategory = 'language' ";
+ $sql .= "and user_uuid = '".$user_uuid."' ";
+ $db->exec(check_sql($sql));
+ unset($sql);
+ }
+ else {
+ $sql = "update v_user_settings set ";
+ $sql .= "user_setting_value = '".$user_language."', ";
+ $sql .= "user_setting_enabled = 'true' ";
+ $sql .= "where user_setting_category = 'domain' ";
+ $sql .= "and user_setting_subcategory = 'language' ";
+ $sql .= "and user_uuid = '".$user_uuid."' ";
+ $db->exec(check_sql($sql));
+ }
 }
 }
- }
-
- //check to see if user time_zone is set
- $sql = "select count(*) as num_rows from v_user_settings ";
- $sql .= "where user_setting_category = 'domain' ";
- $sql .= "and user_setting_subcategory = 'time_zone' ";
- $sql .= "and user_uuid = '".$user_uuid."' ";
- $prep_statement = $db->prepare(check_sql($sql));
- if ($prep_statement) {
- $prep_statement->execute();
- $row = $prep_statement->fetch(PDO::FETCH_ASSOC);
- if ($row['num_rows'] == 0) {
- $user_setting_uuid = uuid();
- $sql = "insert into v_user_settings ";
- $sql .= "(";
- $sql .= "domain_uuid, ";
- $sql .= "user_setting_uuid, ";
- $sql .= "user_setting_category, ";
- $sql .= "user_setting_subcategory, ";
- $sql .= "user_setting_name, ";
- $sql .= "user_setting_value, ";
- $sql .= "user_setting_enabled, ";
- $sql .= "user_uuid ";
- $sql .= ") ";
- $sql .= "values ";
- $sql .= "(";
- $sql .= "'".$_SESSION["domain_uuid"]."', ";
- $sql .= "'".$user_setting_uuid."', ";
- $sql .= "'domain', ";
- $sql .= "'time_zone', ";
- $sql .= "'name', ";
- $sql .= "'".$user_time_zone."', ";
- $sql .= "'true', ";
- $sql .= "'".$user_uuid."' ";
- $sql .= ")";
- $db->exec(check_sql($sql));
- }
- else {
- if (strlen($user_time_zone) == 0) {
- $sql = "delete from v_user_settings ";
- $sql .= "where user_setting_category = 'domain' ";
- $sql .= "and user_setting_subcategory = 'time_zone' ";
- $sql .= "and user_uuid = '".$user_uuid."' ";
+
+ //check to see if user time_zone is set
+ $sql = "select count(*) as num_rows from v_user_settings ";
+ $sql .= "where user_setting_category = 'domain' ";
+ $sql .= "and user_setting_subcategory = 'time_zone' ";
+ $sql .= "and user_uuid = '".$user_uuid."' ";
+ $prep_statement = $db->prepare(check_sql($sql));
+ if ($prep_statement) {
+ $prep_statement->execute();
+ $row = $prep_statement->fetch(PDO::FETCH_ASSOC);
+ if ($row['num_rows'] == 0) {
+ $user_setting_uuid = uuid();
+ $sql = "insert into v_user_settings ";
+ $sql .= "(";
+ $sql .= "domain_uuid, ";
+ $sql .= "user_setting_uuid, ";
+ $sql .= "user_setting_category, ";
+ $sql .= "user_setting_subcategory, ";
+ $sql .= "user_setting_name, ";
+ $sql .= "user_setting_value, ";
+ $sql .= "user_setting_enabled, ";
+ $sql .= "user_uuid ";
+ $sql .= ") ";
+ $sql .= "values ";
+ $sql .= "(";
+ $sql .= "'".$_SESSION["domain_uuid"]."', ";
+ $sql .= "'".$user_setting_uuid."', ";
+ $sql .= "'domain', ";
+ $sql .= "'time_zone', ";
+ $sql .= "'name', ";
+ $sql .= "'".$user_time_zone."', ";
+ $sql .= "'true', ";
+ $sql .= "'".$user_uuid."' ";
+ $sql .= ")";
 $db->exec(check_sql($sql));
- unset($sql);
 }
 else {
- $sql = "update v_user_settings set ";
- $sql .= "user_setting_value = '".$user_time_zone."', ";
- $sql .= "user_setting_enabled = 'true' ";
- $sql .= "where user_setting_category = 'domain' ";
- $sql .= "and user_setting_subcategory = 'time_zone' ";
- $sql .= "and user_uuid = '".$user_uuid."' ";
- $db->exec(check_sql($sql));
+ if (strlen($user_time_zone) == 0) {
+ $sql = "delete from v_user_settings ";
+ $sql .= "where user_setting_category = 'domain' ";
+ $sql .= "and user_setting_subcategory = 'time_zone' ";
+ $sql .= "and user_uuid = '".$user_uuid."' ";
+ $db->exec(check_sql($sql));
+ unset($sql);
+ }
+ else {
+ $sql = "update v_user_settings set ";
+ $sql .= "user_setting_value = '".$user_time_zone."', ";
+ $sql .= "user_setting_enabled = 'true' ";
+ $sql .= "where user_setting_category = 'domain' ";
+ $sql .= "and user_setting_subcategory = 'time_zone' ";
+ $sql .= "and user_uuid = '".$user_uuid."' ";
+ $db->exec(check_sql($sql));
+ }
 }
 }
- }
-
- //sql update
- $sql = "update v_users set ";
- if (strlen($password) > 0 && $password_confirm == $password) {
- //salt used with the password to create a one way hash
- $salt = generate_password('20', '4');
- //set the password
- $sql .= "password = '".md5($salt.$password)."', ";
- $sql .= "salt = '".$salt."', ";
- }
- $sql .= "user_status = '$user_status' ";
+
+ //sql update
+ $sql = "update v_users set ";
+ if (strlen($password) > 0 && $password_confirm == $password) {
+ //salt used with the password to create a one way hash
+ $salt = generate_password('20', '4');
+ //set the password
+ $sql .= "password = '".md5($salt.$password)."', ";
+ $sql .= "salt = '".$salt."', ";
+ }
+ $sql .= "user_status = '$user_status' ";
+ $sql .= "where domain_uuid = '$domain_uuid' ";
+ $sql .= "and user_uuid = '$user_uuid' ";
+ if (permission_exists("user_account_setting_edit")) {
+ $count = $db->exec(check_sql($sql));
+ }
+
+ //if call center app is installed then update the user_status
+ if (is_dir($_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/app/call_center')) {
+ //update the user_status
+ $fp = event_socket_create($_SESSION['event_socket_ip_address'], $_SESSION['event_socket_port'], $_SESSION['event_socket_password']);
+ $switch_cmd .= "callcenter_config agent set status ".$username."@".$_SESSION['domain_name']." '".$user_status."'";
+ $switch_result = event_socket_request($fp, 'api '.$switch_cmd);
+
+ //update the user state
+ $cmd = "api callcenter_config agent set state ".$username."@".$_SESSION['domain_name']." Waiting";
+ $response = event_socket_request($fp, $cmd);
+ }
+
+ //redirect the browser
+ $_SESSION["message"] = $text['confirm-update'];
+ header("Location: ".PROJECT_PATH."/core/user_settings/user_edit.php");
+ return;
+ }
+ else {
+ $sql = "select * from v_users ";
 $sql .= "where domain_uuid = '$domain_uuid' ";
 $sql .= "and user_uuid = '$user_uuid' ";
- if (permission_exists("user_account_setting_edit")) {
- $count = $db->exec(check_sql($sql));
+ $sql .= "and user_enabled = 'true' ";
+ $prep_statement = $db->prepare(check_sql($sql));
+ $prep_statement->execute();
+ $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+ foreach ($result as $row) {
+ //$password = $row["password"];
+ $user_status = $row["user_status"];
+ break; //limit to 1 row
 }
-
- //if call center app is installed then update the user_status
- if (is_dir($_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/app/call_center')) {
- //update the user_status
- $fp = event_socket_create($_SESSION['event_socket_ip_address'], $_SESSION['event_socket_port'], $_SESSION['event_socket_password']);
- $switch_cmd .= "callcenter_config agent set status ".$username."@".$_SESSION['domain_name']." '".$user_status."'";
- $switch_result = event_socket_request($fp, 'api '.$switch_cmd);
-
- //update the user state
- $cmd = "api callcenter_config agent set state ".$username."@".$_SESSION['domain_name']." Waiting";
- $response = event_socket_request($fp, $cmd);
- }
-
- //redirect the browser
- $_SESSION["message"] = $text['confirm-update'];
- header("Location: ".PROJECT_PATH."/core/user_settings/user_edit.php");
- return;
-}
-else {
- $sql = "select * from v_users ";
- $sql .= "where domain_uuid = '$domain_uuid' ";
- $sql .= "and user_uuid = '$user_uuid' ";
- $sql .= "and user_enabled = 'true' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
- foreach ($result as $row) {
- //$password = $row["password"];
- $user_status = $row["user_status"];
- break; //limit to 1 row
+
+ //get the groups the user is a member of
+ //group_members function defined in config.php
+ $group_members = group_members($db, $user_uuid);
 }
- //get the groups the user is a member of
- //group_members function defined in config.php
- $group_members = group_members($db, $user_uuid);
-}
-
 //include the header
 require_once "resources/header.php";
@@ -392,13 +396,66 @@ else { echo " "; echo " "; - echo ""; - echo "
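Review bot: The re-indented `//sql update` block still stores the credential as `md5($salt.$password)`, a fast digest that is not suitable for password storage; `password_hash($password, PASSWORD_DEFAULT)` on write and `password_verify()` on the login side would replace both the md5 call and the separate `salt` column, though the login path and schema are outside this hunk so a compatibility step (rehash on next successful login) is needed. In the call-center branch `$switch_cmd .= "callcenter_config agent set status ..."` appends to a variable that is never initialised in this block, so `=` is what is meant, and `$user_status` (read from `$_POST` via `check_str`) is spliced into both that event-socket command and the `update v_users` string; whether `check_str`/`check_sql` neutralise quotes cannot be seen here, so binding `$user_status`, `$user_language` and `$user_time_zone` as PDO parameters — the neighbouring `select` already goes through `$db->prepare` — and validating `$user_status` against the fixed set of allowed values before building the switch command would close that gap. `$msg_error` is also read at `if ($msg_error != '')` before any assignment whenever the two passwords match, which raises a notice; initialising it with `$msg_error = '';` at the top of the POST branch fixes that.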
"; - echo "
"; - echo ""; echo " \n"; - echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + + echo " \n"; + echo " \n"; + echo " \n"; echo " \n"; if ($_SESSION['user_status_display'] == "false") { @@ -449,80 +506,19 @@ else { echo " \n"; } - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; echo "
".$text['table2-title']."\n"; + echo " ".$text['label-user_language']."\n"; + echo " \n"; + echo " \n"; + echo "
\n"; + echo " ".$text['description-user_language']."
\n"; + echo "
\n"; + echo " ".$text['label-time']."\n"; + echo " \n"; + echo " \n"; + echo "
\n"; + echo " ".$text['description-timezone']."
\n"; + echo "
\n"; - echo " ".$text['label-user_language']."\n"; - echo " \n"; - echo " \n"; - echo "
\n"; - echo " ".$text['description-user_language']."
\n"; - echo "
\n"; - echo " ".$text['label-time']."\n"; - echo " \n"; - echo " \n"; - echo "
\n"; - echo " ".$text['description-timezone']."
\n"; - echo "
"; echo "
"; - echo "
"; echo "
"; - echo ""; + //capture enter key to submit form echo "