From c36a15d37a209a90c4be0c14b9c62360e20e6c22 Mon Sep 17 00:00:00 2001 From: markjcrane Date: Tue, 4 Nov 2025 19:09:01 -0700 Subject: [PATCH] Update user profile - Add contact if needed - Update the contact details --- core/users/user_profile.php | 263 ++++++++++++++++++------------------ 1 file changed, 135 insertions(+), 128 deletions(-) diff --git a/core/users/user_profile.php b/core/users/user_profile.php index e00e8e78c7..cc7f994e97 100644 --- a/core/users/user_profile.php +++ b/core/users/user_profile.php @@ -39,13 +39,11 @@ $action = 'edit'; //retrieve password requirements - if (permission_exists('user_password')) { - $required['length'] = $settings->get('users', 'password_length', 12); - $required['number'] = $settings->get('users', 'password_number', false); - $required['lowercase'] = $settings->get('users', 'password_lowercase', false); - $required['uppercase'] = $settings->get('users', 'password_uppercase', false); - $required['special'] = $settings->get('users', 'password_special', false); - } + $required['length'] = $settings->get('users', 'password_length', 12); + $required['number'] = $settings->get('users', 'password_number', false); + $required['lowercase'] = $settings->get('users', 'password_lowercase', false); + $required['uppercase'] = $settings->get('users', 'password_uppercase', false); + $required['special'] = $settings->get('users', 'password_special', false); //process the http post if (!empty($_POST)) { @@ -69,6 +67,7 @@ $contact_attachment_uuid = $_POST['contact_attachment_uuid']; $contact_attachment = $_FILES['contact_attachment']; + //get the totp secret if (!empty($_SESSION['authentication']['methods']) && in_array('totp', $_SESSION['authentication']['methods'])) { $user_totp_secret = strtoupper($_POST["user_totp_secret"]); } @@ -107,13 +106,10 @@ } //require passwords not allowed to be empty - if (permission_exists('user_password') && permission_exists('user_add') && $action == 'add') { + if ($action == 'add') { if (empty($password)) { message::add($text['message-password_blank'], 'negative', 7500); } - if (empty($group_uuid_name)) { - $invalid[] = $text['label-group']; - } } //require a value a valid email address format @@ -122,7 +118,7 @@ } //require passwords with the defined required attributes: length, number, lower case, upper case, and special characters - if (permission_exists('user_password') && !empty($password)) { + if (!empty($password)) { if (!empty($required['length']) && is_numeric($required['length']) && $required['length'] != 0) { if (strlen($password) < $required['length']) { $invalid[] = $text['label-characters']; @@ -150,8 +146,11 @@ } } + //set the contact_uuid + $contact_uuid = $_SESSION['user']['contact_uuid'] ?? uuid(); + //save contact - $array['contacts'][$c]['contact_uuid'] = $_SESSION['user']['contact_uuid']; + $array['contacts'][$c]['contact_uuid'] = $contact_uuid; $array['contacts'][$c]['domain_uuid'] = $domain_uuid; $array['contacts'][$c]['contact_type'] = 'user'; $array['contacts'][$c]['contact_name_given'] = $contact_name_given ?? null; @@ -161,7 +160,7 @@ //save email $array['contact_emails'][$n]['contact_email_uuid'] = is_uuid($contact_email_uuid) ? $contact_email_uuid : uuid(); - $array['contact_emails'][$n]['contact_uuid'] = $_SESSION['user']['contact_uuid']; + $array['contact_emails'][$n]['contact_uuid'] = $contact_uuid; $array['contact_emails'][$n]['domain_uuid'] = $domain_uuid; $array['contact_emails'][$n]['email_address'] = $user_email; $array['contact_emails'][$n]['email_primary'] = 'true'; @@ -170,7 +169,7 @@ //save phone if (!empty($phone_number)) { $array['contact_phones'][$y]['contact_phone_uuid'] = is_uuid($contact_phone_uuid) ? $contact_phone_uuid : uuid(); - $array['contact_phones'][$y]['contact_uuid'] = $_SESSION['user']['contact_uuid']; + $array['contact_phones'][$y]['contact_uuid'] = $contact_uuid; $array['contact_phones'][$y]['domain_uuid'] = $domain_uuid; $array['contact_phones'][$y]['phone_number'] = $phone_number; $array['contact_phones'][$y]['phone_primary'] = 'true'; @@ -180,7 +179,7 @@ //save address if (!empty($address_locality) || !empty($address_region) || !empty($address_country)) { $array['contact_addresses'][$y]['contact_address_uuid'] = is_uuid($contact_address_uuid) ? $contact_address_uuid : uuid(); - $array['contact_addresses'][$y]['contact_uuid'] = $_SESSION['user']['contact_uuid']; + $array['contact_addresses'][$y]['contact_uuid'] = $contact_uuid; $array['contact_addresses'][$y]['domain_uuid'] = $domain_uuid; $array['contact_addresses'][$y]['address_locality'] = $address_locality ?? null; $array['contact_addresses'][$y]['address_region'] = $address_region ?? null; @@ -194,7 +193,7 @@ $p = permissions::new(); $p->add('contact_attachment_delete', 'temp'); - $array_delete['contact_attachments'][0]['contact_uuid'] = $_SESSION['user']['contact_uuid']; + $array_delete['contact_attachments'][0]['contact_uuid'] = $contact_uuid; $array_delete['contact_attachments'][0]['domain_uuid'] = $domain_uuid; $array_delete['contact_attachments'][0]['contact_attachment_uuid'] = $contact_attachment_uuid; $database->delete($array_delete); @@ -212,7 +211,7 @@ $sql .= "where domain_uuid = :domain_uuid "; $sql .= "and contact_uuid = :contact_uuid "; $parameters['domain_uuid'] = $domain_uuid; - $parameters['contact_uuid'] = $_SESSION['user']['contact_uuid']; + $parameters['contact_uuid'] = $contact_uuid; $database->execute($sql, $parameters); unset($sql, $parameters); @@ -257,7 +256,7 @@ //prepare the array $array['contact_attachments'][0]['contact_attachment_uuid'] = is_uuid($contact_attachment_uuid) ? $contact_attachment_uuid : uuid(); $array['contact_attachments'][0]['domain_uuid'] = $domain_uuid; - $array['contact_attachments'][0]['contact_uuid'] = $_SESSION['user']['contact_uuid']; + $array['contact_attachments'][0]['contact_uuid'] = $contact_uuid; $array['contact_attachments'][0]['attachment_primary'] = 'true'; $array['contact_attachments'][0]['attachment_filename'] = $contact_attachment['name']; $array['contact_attachments'][0]['attachment_content'] = base64_encode($contact_attachment_content); @@ -387,7 +386,7 @@ //add user setting to array for update $array['users'][$x]['user_uuid'] = $user_uuid; - if (permission_exists('user_password') && !empty($password) && $password == $password_confirm) { + if (!empty($password) && $password == $password_confirm) { //remove the session id files $sql = "select session_id from v_user_logs "; $sql .= "where user_uuid = :user_uuid "; @@ -407,23 +406,31 @@ } $array['users'][$x]['user_email'] = $user_email; $array['users'][$x]['user_status'] = $user_status; - if (permission_exists('user_add') || permission_exists('user_edit')) { - if (!empty($_SESSION['authentication']['methods']) && in_array('totp', $_SESSION['authentication']['methods'])) { - $array['users'][$x]['user_totp_secret'] = $user_totp_secret; - } - if ($action == 'add') { - $array['users'][$x]['add_user'] = $_SESSION["user"]["username"]; - $array['users'][$x]['add_date'] = date("Y-m-d H:i:s.uO"); - } + $array['users'][$x]['contact_uuid'] = $contact_uuid; + if (!empty($_SESSION['authentication']['methods']) && in_array('totp', $_SESSION['authentication']['methods'])) { + $array['users'][$x]['user_totp_secret'] = $user_totp_secret; + } + if ($action == 'add') { + $array['users'][$x]['add_user'] = $_SESSION["user"]["username"]; + $array['users'][$x]['add_date'] = date("Y-m-d H:i:s.uO"); } $x++; + //add the user_edit permission $p = permissions::new(); + + $p->add("user_edit", "temp"); $p->add("user_setting_add", "temp"); $p->add("user_setting_edit", "temp"); - $p->add("user_edit", "temp"); - $p->add('user_group_add', 'temp'); + $p->add('contact_add', 'temp'); + $p->add('contact_edit', 'temp'); + $p->add('contact_email_add', 'temp'); + $p->add('contact_email_edit', 'temp'); + $p->add('contact_phone_add', 'temp'); + $p->add('contact_phone_edit', 'temp'); + $p->add('contact_address_add', 'temp'); + $p->add('contact_address_edit', 'temp'); $p->add("contact_attachment_add", "temp"); $p->add("contact_attachment_edit", "temp"); $p->add("contact_attachment_delete", "temp"); @@ -433,10 +440,17 @@ //$message = $database->message; //remove the temporary permission + $p->delete("user_edit", "temp"); $p->delete("user_setting_add", "temp"); $p->delete("user_setting_edit", "temp"); - $p->delete("user_edit", "temp"); - $p->delete('user_group_add', 'temp'); + $p->delete("contact_add", "temp"); + $p->delete("contact_edit", "temp"); + $p->delete("contact_email_add", "temp"); + $p->delete("contact_email_edit", "temp"); + $p->delete("contact_phone_add", "temp"); + $p->delete("contact_phone_edit", "temp"); + $p->delete("contact_address_add", "temp"); + $p->delete("contact_address_edit", "temp"); $p->delete("contact_attachment_add", "temp"); $p->delete("contact_attachment_edit", "temp"); $p->delete("contact_attachment_delete", "temp"); @@ -449,7 +463,7 @@ settings::clear_cache(); //if call center installed - if ($action == 'edit' && permission_exists('user_edit') && file_exists($_SERVER["PROJECT_ROOT"]."/app/call_centers/app_config.php")) { + if ($action == 'edit' && file_exists($_SERVER["PROJECT_ROOT"]."/app/call_centers/app_config.php")) { //get the call center agent uuid $sql = "select call_center_agent_uuid from v_call_center_agents "; $sql .= "where domain_uuid = :domain_uuid "; @@ -594,37 +608,35 @@ $document['title'] = $text['title-user_profile']; //show the content - if (permission_exists('user_password')) { - echo "\n"; - } + echo "\n"; echo "
\n"; echo "\n"; @@ -639,10 +651,8 @@ } $button_margin = 'margin-left: 15px;'; + echo button::create(['type'=>'button','label'=>$text['button-save'],'icon'=>$settings->get('theme', 'button_icon_save'),'id'=>'btn_save','style'=>'margin-left: 15px;','onclick'=>'submit_form();']); - if (permission_exists('user_add') || permission_exists('user_edit')) { - echo button::create(['type'=>'button','label'=>$text['button-save'],'icon'=>$settings->get('theme', 'button_icon_save'),'id'=>'btn_save','style'=>'margin-left: 15px;','onclick'=>'submit_form();']); - } echo " \n"; echo "
\n"; echo "\n"; @@ -660,51 +670,50 @@ echo " "; echo " "; - if (permission_exists('user_password')) { - echo " "; - echo " ".$text['label-password'].""; - echo " "; - echo " "; //help defeat browser auto-fill - echo " "; - echo "

\n"; - if ((!empty($required['length']) && is_numeric($required['length']) && $required['length'] != 0) || $required['number'] || $required['lowercase'] || $required['uppercase'] || $required['special']) { - echo $text['label-required'].': '; - if (is_numeric($required['length']) && $required['length'] != 0) { - echo $required['length']." ".$text['label-characters']; - if ($required['number'] || $required['lowercase'] || $required['uppercase'] || $required['special']) { - echo " ("; - } + + echo " "; + echo " ".$text['label-password'].""; + echo " "; + echo " "; //help defeat browser auto-fill + echo " "; + echo "

\n"; + if ((!empty($required['length']) && is_numeric($required['length']) && $required['length'] != 0) || $required['number'] || $required['lowercase'] || $required['uppercase'] || $required['special']) { + echo $text['label-required'].': '; + if (is_numeric($required['length']) && $required['length'] != 0) { + echo $required['length']." ".$text['label-characters']; + if ($required['number'] || $required['lowercase'] || $required['uppercase'] || $required['special']) { + echo " ("; } - if ($required['number']) { - $required_temp[] = $text['label-number']; - } - if ($required['lowercase']) { - $required_temp[] = $text['label-lowercase']; - } - if ($required['uppercase']) { - $required_temp[] = $text['label-uppercase']; - } - if ($required['special']) { - $required_temp[] = $text['label-special']; - } - if (!empty($required_temp)) { - echo implode(', ',$required_temp); - if (is_numeric($required['length']) && $required['length'] != 0) { - echo ")"; - } - } - unset($required_temp); } - echo " "; - echo " "; - echo " "; - echo " ".$text['label-confirm_password'].""; - echo " "; - echo "
\n"; - echo " ".$text['message-green_border_passwords_match']."\n"; - echo " "; - echo " "; + if ($required['number']) { + $required_temp[] = $text['label-number']; + } + if ($required['lowercase']) { + $required_temp[] = $text['label-lowercase']; + } + if ($required['uppercase']) { + $required_temp[] = $text['label-uppercase']; + } + if ($required['special']) { + $required_temp[] = $text['label-special']; + } + if (!empty($required_temp)) { + echo implode(', ',$required_temp); + if (is_numeric($required['length']) && $required['length'] != 0) { + echo ")"; + } + } + unset($required_temp); } + echo " "; + echo " "; + echo " "; + echo " ".$text['label-confirm_password'].""; + echo " "; + echo "
\n"; + echo " ".$text['message-green_border_passwords_match']."\n"; + echo " "; + echo " "; //user time based one time password secret if (!empty($_SESSION['authentication']['methods']) && in_array('totp', $_SESSION['authentication']['methods'])) { @@ -895,25 +904,23 @@ echo " \n"; echo " \n"; - if (permission_exists("user_status")) { - echo " \n"; - echo " \n"; - echo " ".$text['label-status']."\n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo "
\n"; - echo " ".$text['description-status']."
\n"; - echo " \n"; - echo " \n"; - } + echo " \n"; + echo " \n"; + echo " ".$text['label-status']."\n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo "
\n"; + echo " ".$text['description-status']."
\n"; + echo " \n"; + echo " \n"; echo " \n"; echo " ".$text['label-photo']."\n";