From eafa89a624f018898ac37c8430d307facf5c0998 Mon Sep 17 00:00:00 2001
From: markjcrane
Date: Wed, 24 May 2023 10:13:49 -0600
Subject: [PATCH] Fixed require unique username globally or per domain
---
 core/users/user_edit.php | 30 +++++++++++++++++++++++-------
 1 file changed, 23 insertions(+), 7 deletions(-)
diff --git a/core/users/user_edit.php b/core/users/user_edit.php
index ffd17591b4..ce0fbfcac5 100644
--- a/core/users/user_edit.php
+++ b/core/users/user_edit.php
@@ -125,10 +125,10 @@
 $password = $_POST["password"];
 $password_confirm = $_POST["password_confirm"];
 $user_email = $_POST["user_email"];
- $user_status = $_POST["user_status"] ?? null;
+ $user_status = $_POST["user_status"] ?? '';
 $user_language = $_POST["user_language"];
 $user_time_zone = $_POST["user_time_zone"];
-
+
 if (permission_exists('contact_edit') && $action == 'edit') {
 $contact_uuid = $_POST["contact_uuid"];
 }
@@ -145,7 +145,7 @@
 if (permission_exists('message_key')) {
 $message_key = $_POST["message_key"];
 }
- if (in_array('totp', $_SESSION['authentication']['methods'])) {
+ if (isset($_SESSION['authentication']['methods']) && in_array('totp', $_SESSION['authentication']['methods'])) {
 $user_totp_secret = strtoupper($_POST["user_totp_secret"]);
 }
@@ -158,9 +158,11 @@
 }
 //check required values
- if ($username == '') {
+ if (empty($username)) {
 $invalid[] = $text['label-username'];
 }
+
+ //require a username format: any, email, no_email
 if ($_SESSION['users']['username_format']['text'] != '' && $_SESSION['users']['username_format']['text'] != 'any') {
 if (
 ($_SESSION['users']['username_format']['text'] == 'email' && !valid_email($username)) ||
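Review bot: In the `@@ -145,7 +145,7 @@` hunk the new `isset()` guard protects the session lookup, but the line inside the branch still reads `$_POST["user_totp_secret"]` with no default, so a request that omits the field hands null to `strtoupper()`. Reading it as `strtoupper($_POST["user_totp_secret"] ?? '')` matches the `?? ''` this commit applies to `user_status`, and passing `true` as the third argument of `in_array()` makes the method check strict. Nothing visible in the hunk checks that the submitted secret is well-formed before it is used; if that does not happen further down the file, it belongs next to this assignment.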
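Review bot: In the `@@ -158,9 +158,11 @@` hunk, `empty($username)` also treats the string `'0'` as missing, which the removed `$username == ''` did not, while the uniqueness condition in the next hunk still tests `$username != ''`, so the two checks no longer agree on what a blank username is. If the aim was only to tolerate an unset variable, `if (($username ?? '') === '') {` does that without rejecting `'0'`. The surrounding validation block starts and ends outside the hunk.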
@@ -169,10 +171,17 @@
 message::add($text['message-username_format_invalid'], 'negative', 7500);
 }
 }
+
+ //require unique globally or per domain
 if ((permission_exists('user_edit') && $action == 'edit' && $username != $username_old && $username != '') ||
 (permission_exists('user_add') && $action == 'add' && $username != '')) {
- $sql = "select count(*) from v_users where username = :username ";
- if (!empty($_SESSION["users"]["unique"]["text"]) && $_SESSION["users"]["unique"]["text"] != "global") {
+
+ $sql = "select count(*) from v_users ";
+ if (isset($_SESSION["users"]["unique"]["text"]) && $_SESSION["users"]["unique"]["text"] == "global") {
+ $sql .= "where username = :username ";
+ }
+ else {
+ $sql .= "where username = :username ";
 $sql .= "and domain_uuid = :domain_uuid ";
 $parameters['domain_uuid'] = $domain_uuid;
 }
@@ -184,9 +193,13 @@
 }
 unset($sql, $parameters);
 }
+
+ //require the passwords to match
 if ($password != '' && $password != $password_confirm) {
 message::add($text['message-password_mismatch'], 'negative', 7500);
 }
+
+ //require passwords not allowed to be empty
 if (permission_exists('user_add') && $action == 'add') {
 if ($password == '') {
 message::add($text['message-password_blank'], 'negative', 7500);
@@ -195,10 +208,13 @@
 $invalid[] = $text['label-group'];
 }
 }
+
+ //require a value a valid email address format
 if (!valid_email($user_email)) {
 $invalid[] = $text['label-email'];
 }
+ //require passwords with the defined required attributes: length, number, lower case, upper case, and special characters
 if (!empty($password)) {
 if (is_numeric($required['length']) && $required['length'] != 0) {
 if (strlen($password) < $required['length']) {
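Review bot: When `$_SESSION["users"]["unique"]["text"]` is unset, the rewritten check in the `@@ -169,10 +171,17 @@` hunk falls into the `else` branch and scopes the lookup to `domain_uuid`, whereas the removed `!empty(...) && ... != "global"` test left an unset setting on the global lookup. If that change of default is intended it deserves a comment here; otherwise installs without the setting will start accepting a username that already exists in another domain. Both branches also append the same `where username = :username ` clause, so it can stay in the initial `$sql` string with only `if (($_SESSION["users"]["unique"]["text"] ?? '') != "global") {` guarding the two `domain_uuid` lines, which keeps the new behaviour. The enclosing `if` runs past the end of the hunk, so the query execution is not visible.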
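Review bot: The check now labelled `//require the passwords to match` in the `@@ -184,9 +193,13 @@` hunk compares with `!=`, and PHP compares two numeric strings by value, so a pair such as `'1e3'` and `'1000'` is accepted as matching. Making the second comparison strict, `if ($password != '' && $password !== $password_confirm) {`, closes that gap without changing the blank-password case. The added comment `//require passwords not allowed to be empty` would read more clearly as `//require a password when adding a user`.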
@@ -558,7 +574,7 @@
 unset($sql, $parameters);
 //update the user_status
- if (isset($call_center_agent_uuid) && is_uuid($call_center_agent_uuid)) {
+ if (isset($call_center_agent_uuid) && is_uuid($call_center_agent_uuid) && !empty($user_status)) {
 $fp = event_socket_create($_SESSION['event_socket_ip_address'], $_SESSION['event_socket_port'], $_SESSION['event_socket_password']);
 $switch_cmd .= "callcenter_config agent set status ".$call_center_agent_uuid." '".$user_status."'";
 $switch_result = event_socket_request($fp, 'api '.$switch_cmd);
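Review bot: `$user_status` reaches the event-socket command on the `$switch_cmd` line straight from `$_POST["user_status"]` (assigned in the first hunk), and the added `!empty($user_status)` only rules out a blank value, so quotes or line breaks in the field would alter the command sent to the switch. Unless the value is validated in lines outside this hunk, the guard should compare it with the statuses the form offers, e.g. `&& in_array($user_status, ['Logged Out', 'Available', 'Available (On Demand)', 'On Break'], true)`. `$switch_cmd` is also extended with `.=` rather than assigned, so anything left in it by earlier code is sent as well; a plain `$switch_cmd = ...` avoids that. The `if` block closes outside the hunk.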