Example #1
 /**
  * Email this user the 'access-link' page content for their ticket.
  *
  * Returns without sending when the user has no ticket, when no default
  * system email is configured, or when the 'access-link' page cannot be
  * looked up. The page name becomes the subject (tags stripped) and the page
  * body the message body, both after template-variable substitution.
  *
  * NOTE(review): how the link in the message is authenticated and expired is
  * decided by the template and by code outside this method.
  */
 function sendAccessLink()
 {
     global $ost;

     // The guards run in the same order as the lookups they protect.
     if (!$this->getTicket()) {
         return;
     }
     $mailer = $ost->getConfig()->getDefaultEmail();
     if (!$mailer) {
         return;
     }
     $page = Page::lookup(Page::getIdByType('access-link'));
     if (!$page) {
         return;
     }

     // Values made available to the template's variable substitution.
     $context = array(
         'url' => $ost->getConfig()->getBaseUrl(),
         'ticket' => $this->getTicket(),
         'user' => $this,
         'recipient' => $this,
     );
     $template = array(
         'subj' => $page->getName(),
         'body' => $page->getBody(),
     );
     $rendered = $ost->replaceTemplateVariables($template, $context);

     $subject = Format::striptags($rendered['subj']);
     $mailer->send($this->getEmail(), $subject, $rendered['body']);
 }
Example #2
    Peter Rotich <*****@*****.**>
    Copyright (c)  2006-2013 osTicket
    http://www.osticket.com

    Released under the GNU General Public License WITHOUT ANY WARRANTY.
    See LICENSE.TXT for details.

    vim: expandtab sw=4 ts=4 sts=4:
**********************************************************************/
require_once '../main.inc.php';
if (!defined('INCLUDE_DIR')) {
    die('Fatal Error. Kwaheri!');
}
require_once INCLUDE_DIR . 'class.staff.php';
require_once INCLUDE_DIR . 'class.csrf.php';
// The 'banner-staff' page, when present, supplies the default login prompt.
$content = Page::lookup(Page::getIdByType('banner-staff'));
$dest = $_SESSION['_staff']['auth']['dest'];
$msg = $_SESSION['_staff']['auth']['msg'];
if (!$msg) {
    $msg = $content ? $content->getName() : 'Authentication Required';
}
// Post-login destination: fall back to index.php when none was stored or when
// it points back at login.php / ajax.php.
// NOTE(review): this filter only rejects those two names; it does not confine
// $dest to a same-site path. Whether the stored value can ever hold an
// absolute or request-influenced URL depends on the code that writes it into
// the session, which is not visible here - confirm before relying on it as a
// redirect target.
if (!$dest || strstr($dest, 'login.php') || strstr($dest, 'ajax.php')) {
    $dest = 'index.php';
}
$show_reset = false;
if ($_POST) {
    // Lookup support backends for this staff
    $username = trim($_POST['userid']);
    if ($user = StaffAuthenticationBackend::process($username, $_POST['passwd'], $errors)) {
        session_write_close();
        Http::redirect($dest);
        require_once 'index.php';
        //Just incase header is messed up.
        exit;
    }
Example #3
 /**
  * Fetch Page objects, optionally filtered, ordered by name.
  *
  * @param array $criteria Optional filters: 'active' (truthy/falsy, mapped to
  *                        1/0) and 'type' (page type value).
  * @return array Page objects; ids whose lookup returned a falsy value are
  *               dropped by array_filter(), which keeps the original keys.
  */
 function getPages($criteria = array())
 {
     // Caller-supplied values reach the statement only through db_input().
     // NOTE(review): db_input() is defined elsewhere - confirm it quotes and
     // escapes, since the query is assembled by string concatenation.
     $filters = '';
     if (isset($criteria['active'])) {
         $flag = $criteria['active'] ? 1 : 0;
         $filters .= ' AND  isactive=' . db_input($flag);
     }
     if (isset($criteria['type'])) {
         $filters .= ' AND `type`=' . db_input($criteria['type']);
     }
     $query = ' SELECT id FROM ' . PAGE_TABLE . ' WHERE 1' . $filters . ' ORDER BY name';

     $found = array();
     $result = db_query($query);
     if ($result && db_num_rows($result)) {
         while (list($pageId) = db_fetch_row($result)) {
             $found[] = Page::lookup($pageId);
         }
     }

     return array_filter($found);
 }
Example #4
     $errors['err'] = __('Unable to create local account. See messages below');
 } elseif (!$user && !$thisclient && !($user = User::fromVars($user_form->getClean()))) {
     $errors['err'] = __('Unable to register account. See messages below');
 } elseif (!$user && !($user = $thisclient ?: User::fromForm($user_form))) {
     $errors['err'] = __('Unable to register account. See messages below');
 } else {
     if (!($acct = ClientAccount::createForUser($user))) {
         $errors['err'] = __('Internal error. Unable to create new account');
     } elseif (!$acct->update($_POST, $errors)) {
         $errors['err'] = __('Errors configuring your profile. See messages below');
     }
 }
 if (!$errors) {
     switch ($_POST['do']) {
         case 'create':
             $content = Page::lookup(Page::getIdByType('registration-confirm'));
             $inc = 'register.confirm.inc.php';
             $acct->sendConfirmEmail();
             break;
         case 'import':
             if ($bk = UserAuthenticationBackend::getBackend($_POST['backend'])) {
                 $cl = new ClientSession(new EndUser($user));
                 if (!$bk->supportsInteractiveAuthentication()) {
                     $acct->set('backend', null);
                 }
                 $acct->confirm();
                 if ($user = $bk->login($cl, $bk)) {
                     Http::redirect('tickets.php');
                 }
             }
             break;
Example #5
 /**
  * Return the associated Page, looking it up on first use.
  *
  * The lookup result is cached in $this->page. When there is no page id, or
  * the lookup yields a falsy value, the current (falsy) value of $this->page
  * is returned.
  */
 function getPage()
 {
     // Already resolved on an earlier call.
     if ($this->page) {
         return $this->page;
     }

     if ($this->getPageId()) {
         $this->page = Page::lookup($this->getPageId());
     }

     return $this->page;
 }
Example #6
<?php

// Refuse direct requests: the template only runs when the including code has
// defined OSTCLIENTINC.
if (!defined('OSTCLIENTINC')) {
    die('Access Denied');
}
// Login identifier and secret come from the POSTed form, falling back to the
// 'e' / 't' query-string parameters; both pass through Format::input().
// NOTE(review): a value accepted from $_GET['t'] travels in the URL, so it can
// end up in server logs, browser history and Referer headers - confirm what
// 't' carries and whether the GET fallback is still required.
$email = Format::input($_POST['luser'] ?: $_GET['e']);
$passwd = Format::input($_POST['lpasswd'] ?: $_GET['t']);
// Heading and intro text: taken from the 'banner-client' page when one exists,
// otherwise the built-in defaults below. Both are echoed further down through
// Format::display().
$content = Page::lookup(Page::getIdByType('banner-client'));
if ($content) {
    list($title, $body) = $ost->replaceTemplateVariables(array($content->getName(), $content->getBody()));
} else {
    $title = 'Sign In';
    $body = 'To better serve you, we encourage our clients to register for
        an account and verify the email address we have on record.';
}
?>
<h1><?php 
echo Format::display($title);
?>
</h1>
<p><?php 
echo Format::display($body);
?>
</p>
<form action="login.php" method="post" id="clientLogin">
    <?php 
csrf_token();
?>
<div style="display:table-row">
    <div style="width:40%;display:table-cell;box-shadow: 12px 0 15px -15px rgba(0,0,0,0.4);padding:15px;">
    <strong><?php 
Example #7
 /**
  * Return the thank-you Page, looking it up on first use.
  *
  * The lookup result is cached in $this->thankyou_page. When there is no
  * thank-you page id, or the lookup yields a falsy value, the current (falsy)
  * value of $this->thankyou_page is returned.
  */
 function getThankYouPage()
 {
     // Already resolved on an earlier call.
     if ($this->thankyou_page) {
         return $this->thankyou_page;
     }

     if ($this->getThankYouPageId()) {
         $this->thankyou_page = Page::lookup($this->getThankYouPageId());
     }

     return $this->thankyou_page;
 }
Example #8
 /**
  * Issue a password-reset token for this agent and email the reset link.
  *
  * Builds a link of the form <base-url>/scp/pwreset.php?token=<token>, fires
  * the 'auth.pwreset.email' signal, optionally writes a warning to the system
  * log, stores token => agent id in the 'pwreset' config namespace and sends
  * the rendered template to the agent's address.
  *
  * @param string $template Page type of the email template to render.
  * @param bool   $log      Initial value of $info['log']; the flag is re-read
  *                         after the signal fires.
  * @return Error|null An Error when the template cannot be found; nothing
  *                    (null) otherwise.
  */
 function sendResetEmail($template = 'pwreset-staff', $log = true)
 {
     global $ost, $cfg;
     $content = Page::lookup(Page::getIdByType($template));
     $token = Misc::randCode(48);
     // "290-bits" is the original author's figure for this 48-character code.
     // NOTE(review): the real entropy depends on Misc::randCode()'s alphabet
     // and random source, neither visible here - confirm it draws from a CSPRNG.
     if (!$content) {
         return new Error('Unable to retrieve password reset email template');
     }
     // NOTE(review): the link is built from the configured base URL; confirm
     // getBaseUrl() cannot be influenced by request headers.
     $vars = array('url' => $ost->getConfig()->getBaseUrl(), 'token' => $token, 'staff' => $this, 'recipient' => $this, 'reset_link' => sprintf("%s/scp/pwreset.php?token=%s", $ost->getConfig()->getBaseUrl(), $token));
     // 'link' is a reference alias of 'reset_link', so templates may use either.
     $vars['link'] =& $vars['reset_link'];
     // Prefer the alert email account, else the default one.
     // NOTE(review): if neither is configured $email is falsy and the
     // $email->getEmail() / $email->send() calls below would fail - confirm.
     if (!($email = $cfg->getAlertEmail())) {
         $email = $cfg->getDefaultEmail();
     }
     // $vars is handed over by reference, so a signal handler can change the
     // template variables (including 'token') before they are used below.
     $info = array('email' => $email, 'vars' => &$vars, 'log' => $log);
     Signal::send('auth.pwreset.email', $this, $info);
     if ($info['log']) {
         // NOTE(review): $_POST['userid'] is a raw request value placed into a
         // message that carries <br> markup; confirm the log viewer escapes or
         // sanitises entries before rendering them.
         $ost->logWarning(_S('Agent Password Reset'), sprintf(_S('Password reset was attempted for agent: %1$s<br><br>
             Requested-User-Id: %2$s<br>
             Source-Ip: %3$s<br>
             Email-Sent-To: %4$s<br>
             Email-Sent-Via: %5$s'), $this->getName(), $_POST['userid'], $_SERVER['REMOTE_ADDR'], $this->getEmail(), $email->getEmail()), false);
     }
     $msg = $ost->replaceTemplateVariables(array('subj' => $content->getName(), 'body' => $content->getBody()), $vars);
     // Persist token => agent id. The token is read back from $vars, i.e. after
     // any change made by a signal handler, and is stored as-is.
     // NOTE(review): expiry and single-use handling are not visible here.
     $_config = new Config('pwreset');
     $_config->set($vars['token'], $this->getId());
     $email->send($this->getEmail(), Format::striptags($msg['subj']), $msg['body']);
 }
Example #9
    vim: expandtab sw=4 ts=4 sts=4:
**********************************************************************/
@chdir(dirname(__FILE__) . '/../');
require_once 'client.inc.php';
require_once INCLUDE_DIR . 'class.format.php';
require_once INCLUDE_DIR . 'class.page.php';
// Determine the requested page
// - Strip extension
// The slug is derived from the request path, so it is caller-controlled input.
$slug = Format::slugify($ost->get_path_info());
// Get the part before the first dash
$first_word = explode('-', $slug);
$first_word = $first_word[0];
// Narrow the candidates with a prefix LIKE; the value goes through db_input().
// NOTE(review): quoting alone does not neutralise the LIKE wildcards % and _;
// whether slugify() can emit them is not visible here. The exact slug match
// below is what finally selects the page.
$sql = 'SELECT id, name FROM ' . PAGE_TABLE . ' WHERE name LIKE ' . db_input("{$first_word}%");
$page_id = null;
$res = db_query($sql);
while (list($id, $name) = db_fetch_row($res)) {
    // NOTE(review): loose == between two strings compares numerically when
    // both look numeric; === would avoid that - confirm slugify() returns
    // a string.
    if (Format::slugify($name) == $slug) {
        $page_id = $id;
        break;
    }
}
// NOTE(review): $page is dereferenced right after this check, so the code
// relies on Http::response() ending the request - confirm.
if (!$page_id || !($page = Page::lookup($page_id))) {
    Http::response(404, __('Page Not Found'));
}
// Only active pages of type 'other' are served from this endpoint; any other
// page type gets the same 404 as a missing page.
if (!$page->isActive() || $page->getType() != 'other') {
    Http::response(404, __('Page Not Found'));
}
require CLIENTINC_DIR . 'header.inc.php';
// The body is printed as returned; any sanitising of stored page HTML has to
// happen when the page is saved or inside getBodyWithImages() - not visible here.
print $page->getBodyWithImages();
require CLIENTINC_DIR . 'footer.inc.php';
Example #10
                 if (($p = Page::lookup($v)) && $p->disable()) {
                     $i++;
                 }
             }
             if ($i && $i == $count) {
                 $msg = 'Selected pages disabled';
             } elseif ($i > 0) {
                 $warn = "{$num} of {$count} selected pages disabled";
             } elseif (!$errors['err']) {
                 $errors['err'] = 'Unable to disable selected pages';
             }
             break;
         case 'delete':
             $i = 0;
             foreach ($_POST['ids'] as $k => $v) {
                 if (($p = Page::lookup($v)) && $p->delete()) {
                     $i++;
                 }
             }
             if ($i && $i == $count) {
                 $msg = 'Selected pages deleted successfully';
             } elseif ($i > 0) {
                 $warn = "{$i} of {$count} selected pages deleted";
             } elseif (!$errors['err']) {
                 $errors['err'] = 'Unable to delete selected pages';
             }
             break;
         default:
             $errors['err'] = 'Unknown action - get technical help.';
     }
 }
Example #11
 /**
  * Update a content page from the current POST request (staff only).
  *
  * Responds 403 without a staff session, 422 when 'name' or 'body' is
  * missing from the POST data, and 404 for an unknown id. A failed save is
  * answered with 422 (when $errors['err'] is set) or 500.
  *
  * @param mixed $id Identifier passed to Page::lookup() and to save().
  */
 function updateContent($id)
 {
     global $thisstaff;

     // NOTE(review): the code after this chain uses $content unconditionally,
     // so it relies on Http::response() ending the request - confirm.
     if (!$thisstaff) {
         Http::response(403, 'Login Required');
     } elseif (!$_POST['name'] || !$_POST['body']) {
         Http::response(422, 'Please submit name and body');
     } elseif (!($content = Page::lookup($id))) {
         Http::response(404, 'No such content');
     }

     // NOTE(review): $_POST is merged over the stored attributes wholesale, so
     // any submitted key can override a stored one; confirm which keys save()
     // actually honours, or restrict the merge to the editable fields.
     $merged = array_merge($content->getHashtable(), $_POST);
     $errors = array();
     if ($content->save($id, $merged, $errors)) {
         return;
     }

     if ($errors['err']) {
         Http::response(422, $errors['err']);
     } else {
         // NOTE(review): the full error array is dumped into the response
         // body; confirm it cannot carry internal details.
         Http::response(500, 'Unable to update content: ' . print_r($errors, true));
     }
 }
Example #12
 /**
  * Issue a reset/unlock token for this account's user and email the link.
  *
  * Builds a link of the form <base-url>/pwreset.php?token=<token>, fires the
  * 'auth.pwreset.email' signal, stores token => user id in the 'pwreset'
  * config namespace and sends the rendered template to the user's address.
  *
  * @param string $template Page type of the email template to render.
  * @return Error|bool An Error when the default email or the template is
  *                    unavailable; true after the message has been handed
  *                    to send().
  */
 protected function sendUnlockEmail($template)
 {
     global $ost, $cfg;
     $token = Misc::randCode(48);
     // "290-bits" is the original author's figure for this 48-character code.
     // NOTE(review): the real entropy depends on Misc::randCode()'s alphabet
     // and random source, neither visible here - confirm it draws from a CSPRNG.
     $email = $cfg->getDefaultEmail();
     $content = Page::lookup(Page::getIdByType($template));
     if (!$email || !$content) {
         return new Error(sprintf(_S('%s: Unable to retrieve template'), $template));
     }
     // NOTE(review): the link is built from the configured base URL; confirm
     // getBaseUrl() cannot be influenced by request headers.
     $vars = array('url' => $ost->getConfig()->getBaseUrl(), 'token' => $token, 'user' => $this->getUser(), 'recipient' => $this->getUser(), 'link' => sprintf("%s/pwreset.php?token=%s", $ost->getConfig()->getBaseUrl(), $token));
     // 'reset_link' is a reference alias of 'link', so templates may use either.
     $vars['reset_link'] =& $vars['link'];
     // $vars is handed over by reference, so a signal handler can change the
     // template variables (including 'token') before they are used below.
     $info = array('email' => $email, 'vars' => &$vars, 'log' => true);
     Signal::send('auth.pwreset.email', $this->getUser(), $info);
     $msg = $ost->replaceTemplateVariables(array('subj' => $content->getName(), 'body' => $content->getBody()), $vars);
     // Persist token => user id. The token is read back from $vars, i.e. after
     // any change made by a signal handler, and is stored as-is.
     // NOTE(review): expiry and single-use handling are not visible here.
     $_config = new Config('pwreset');
     $_config->set($vars['token'], $this->getUser()->getId());
     $email->send($this->getUser()->getEmail(), Format::striptags($msg['subj']), $msg['body']);
     return true;
 }
Example #13
 /**
  * Save a content page from the current POST request (staff only).
  *
  * Responds 403 without a staff session and 404 for an unknown id. A
  * successful save is answered with 201; otherwise the content-manage
  * template is included after $errors has been passed through
  * Format::htmlchars().
  *
  * @param mixed $id Identifier passed to Page::lookup() and to save().
  */
 function updateContent($id)
 {
     global $thisstaff;
     // NOTE(review): the code after this chain uses $content unconditionally,
     // so it relies on Http::response() ending the request - confirm.
     if (!$thisstaff) {
         Http::response(403, 'Login Required');
     } elseif (!($content = Page::lookup($id))) {
         Http::response(404, 'No such content');
     }
     // A missing body is treated as an empty one (written back into $_POST).
     if (!isset($_POST['body'])) {
         $_POST['body'] = '';
     }
     // NOTE(review): $_POST is merged over the stored attributes wholesale, so
     // any submitted key can override a stored one; confirm which keys save()
     // actually honours, or restrict the merge to the editable fields.
     $vars = array_merge($content->getHashtable(), $_POST);
     $errors = array();
     // Allow empty content for the staff banner
     if ($content->save($id, $vars, $errors, $content->getType() == 'banner-staff')) {
         Http::response(201, 'Have a great day!');
     }
     // Generic message when save() failed without setting one.
     if (!$errors['err']) {
         $errors['err'] = __('Correct the error(s) below and try again!');
     }
     // The included template shares this scope. Only $errors goes through
     // Format::htmlchars() here; $info is the raw request data.
     // NOTE(review): confirm the template escapes every $info value it prints.
     $info = $_POST;
     $errors = Format::htmlchars($errors);
     include STAFFINC_DIR . 'templates/content-manage.tmpl.php';
 }