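/**
 * Administrator function used to update a client account. It updates one tab at a time - determined by the
 * second $tab_num parameter.
 *
 * Tab 1 (main) validates the name / email / username / password fields, enforces the account's password
 * policy (minimum length, required character classes, password history), then updates the accounts table
 * and the client_notes / company_name account settings. Tab 2 (settings) validates and writes the UI and
 * session settings plus the "may_edit_*" permission flags. Tab 3 (forms) replaces the client's form and
 * View mappings wholesale and rebuilds the public omit lists.
 *
 * NOTE(review): as reproduced in this listing the tab 1 UPDATE writes the literal '******' for the password
 * and username columns. That is almost certainly a masked interpolation in the listing, not the real source;
 * confirm against the original file before relying on this copy.
 *
 * @param array $infohash This parameter should be a hash (e.g. $_POST or $_GET) containing keys
 *               named the same as the database fields. Values interpolated into quoted SQL
 *               literals are read from the ft_sanitize()'d copy; IDs that are interpolated
 *               unquoted (account, menu, form, View) are cast to int first, because escaping
 *               alone does not protect an unquoted numeric position.
 * @param integer $tab_num the tab number (1-3: 1=main, 2=styles, 3=permissions)
 * @return array [0]: true/false (success / failure)
 *               [1]: message string
 */
function ft_admin_update_client($infohash, $tab_num)
{
    global $g_table_prefix, $g_debug, $LANG, $g_password_special_chars;

    // "start" hook: may overwrite $infohash and/or $tab_num before anything is validated
    extract(ft_process_hook_calls("start", compact("infohash", "tab_num"), array("infohash", "tab_num")), EXTR_OVERWRITE);

    $success = true;
    $message = $LANG["notify_client_account_updated"];

    // escaped copy of the input (same keys as $infohash): every quoted SQL literal below comes from here
    $form_vals = ft_sanitize($infohash);

    // the account ID is interpolated unquoted into every query in this function, so force it to an integer
    $account_id = isset($form_vals["client_id"]) ? (int) $form_vals["client_id"] : 0;

    switch ($tab_num) {
        // MAIN tab
        case "1":
            $rules = array();
            $rules[] = "required,first_name,{$LANG["validation_no_client_first_name"]}";
            $rules[] = "required,last_name,{$LANG["validation_no_client_last_name"]}";
            $rules[] = "required,email,{$LANG["validation_no_client_email"]}";
            $rules[] = "valid_email,email,{$LANG["validation_invalid_email"]}";
            $rules[] = "required,username,{$LANG["validation_no_client_username"]}";
            $rules[] = "if:password!=,required,password_2,{$LANG["validation_no_account_password_confirmed"]}";
            $rules[] = "if:password!=,same_as,password,password_2,{$LANG["validation_passwords_different"]}";

            $account_settings = ft_get_account_settings($account_id);
            $has_new_password = !empty($form_vals["password"]);

            // per-account password policy; only relevant when a new password was submitted
            if ($has_new_password && $account_settings["min_password_length"] != "") {
                $rule = ft_eval_smarty_string($LANG["validation_client_password_too_short"], array("number" => $account_settings["min_password_length"]));
                $rules[] = "length>={$account_settings["min_password_length"]},password,{$rule}";
            }
            if ($has_new_password) {
                $required_password_chars = explode(",", $account_settings["required_password_chars"]);
                if (in_array("uppercase", $required_password_chars, true)) {
                    $rules[] = "reg_exp,password,[A-Z],{$LANG["validation_client_password_missing_uppercase"]}";
                }
                if (in_array("number", $required_password_chars, true)) {
                    $rules[] = "reg_exp,password,[0-9],{$LANG["validation_client_password_missing_number"]}";
                }
                if (in_array("special_char", $required_password_chars, true)) {
                    $error = ft_eval_smarty_string($LANG["validation_client_password_missing_special_char"], array("chars" => $g_password_special_chars));
                    $password_special_chars = preg_quote($g_password_special_chars);
                    $rules[] = "reg_exp,password,[{$password_special_chars}],{$error}";
                }
            }
            $errors = validate_fields($form_vals, $rules);

            // check the username isn't already taken
            $username = $form_vals['username'];
            list($valid_username, $problem) = _ft_is_valid_username($username, $account_id);
            if (!$valid_username) {
                $errors[] = $problem;
            }

            // check the password isn't already in password history (if relevant). The password is only
            // RECORDED in the history after the account row has actually been updated (see below), so a
            // request that fails validation or fails the UPDATE does not pollute the history.
            $track_password_history = $has_new_password && !empty($account_settings["num_password_history"]);
            $encrypted_password = "";
            if ($track_password_history) {
                // md5(md5()) is the stored form the rest of the application compares against; it is weak
                // (unsalted, fast) but cannot be changed here without changing every verifier of it
                $encrypted_password = md5(md5($form_vals["password"]));
                if (ft_password_in_password_history($account_id, $encrypted_password, $account_settings["num_password_history"])) {
                    $errors[] = ft_eval_smarty_string($LANG["validation_password_in_password_history"], array("history_size" => $account_settings["num_password_history"]));
                }
            }

            if (!empty($errors)) {
                $success = false;
                array_walk($errors, function (&$el) {
                    $el = "•  " . $el;
                });
                $message = implode("<br />", $errors);
                return array($success, $message);
            }

            $account_status = $form_vals['account_status'];
            $first_name = $form_vals['first_name'];
            $last_name = $form_vals['last_name'];
            $email = $form_vals['email'];
            $password = $form_vals['password'];

            // if the password is defined, md5 it
            // NOTE(review): the '******' literals below are as they appear in this listing - see the docblock
            $password_sql = !empty($password) ? "password = '******', " : "";
            $query = "\n          UPDATE  {$g_table_prefix}accounts\n          SET     {$password_sql}\n                  account_status = '{$account_status}',\n                  first_name = '{$first_name}',\n                  last_name = '{$last_name}',\n                  email = '{$email}',\n                  username = '******'\n          WHERE   account_id = {$account_id}\n               ";

            // execute the query
            $result = @mysql_query($query);
            if (!$result) {
                $success = false;
                $message = $LANG["notify_client_account_not_updated"];
                if ($g_debug) {
                    $message .= "<br/>Query: {$query}<br />Error: " . mysql_error();
                }
            } elseif ($track_password_history) {
                // the new password is now live, so it belongs in the history
                ft_add_password_to_password_history($account_id, $encrypted_password);
            }

            $new_account_settings = array("client_notes" => $form_vals["client_notes"], "company_name" => $form_vals["company_name"]);
            ft_set_account_settings($account_id, $new_account_settings);
            break;

        // SETTINGS tab
        case "2":
            $rules = array();
            $rules[] = "required,page_titles,{$LANG["validation_no_titles"]}";
            $rules[] = "required,menu_id,{$LANG["validation_no_menu"]}";
            $rules[] = "required,theme,{$LANG["validation_no_theme"]}";
            $rules[] = "required,login_page,{$LANG["validation_no_client_login_page"]}";
            $rules[] = "required,logout_url,{$LANG["validation_no_logout_url"]}";
            $rules[] = "required,ui_language,{$LANG["validation_no_ui_language"]}";
            $rules[] = "required,sessions_timeout,{$LANG["validation_no_sessions_timeout"]}";
            $rules[] = "digits_only,sessions_timeout,{$LANG["validation_invalid_sessions_timeout"]}";
            $rules[] = "required,date_format,{$LANG["validation_no_date_format"]}";
            $errors = validate_fields($form_vals, $rules);
            if (!empty($errors)) {
                $success = false;
                array_walk($errors, function (&$el) {
                    $el = "&bull;&nbsp; " . $el;
                });
                $message = implode("<br />", $errors);
                return array($success, $message);
            }

            // update the main accounts table
            $ui_language = $form_vals['ui_language'];
            $timezone_offset = $form_vals['timezone_offset'];
            $login_page = $form_vals['login_page'];
            $logout_url = $form_vals['logout_url'];
            // menu_id is interpolated unquoted below; "required" only guarantees it is non-empty, not numeric
            $menu_id = (int) $form_vals['menu_id'];
            $theme = $form_vals['theme'];
            $sessions_timeout = $form_vals['sessions_timeout'];
            $date_format = $form_vals['date_format'];

            // the swatch key depends on the chosen theme; read it from the escaped copy, not the raw input
            $swatch = "";
            if (isset($form_vals["{$theme}_theme_swatches"])) {
                $swatch = $form_vals["{$theme}_theme_swatches"];
            }
            $query = "\n          UPDATE  {$g_table_prefix}accounts\n          SET     ui_language = '{$ui_language}',\n                  timezone_offset = '{$timezone_offset}',\n                  login_page = '{$login_page}',\n                  logout_url = '{$logout_url}',\n                  menu_id = {$menu_id},\n                  theme = '{$theme}',\n                  swatch = '{$swatch}',\n                  sessions_timeout = '{$sessions_timeout}',\n                  date_format = '{$date_format}'\n          WHERE   account_id = {$account_id}\n               ";

            // execute the query
            $result = @mysql_query($query);
            if (!$result) {
                $success = false;
                $message = $LANG["notify_client_account_not_updated"];
                if ($g_debug) {
                    $message .= "<br/>Query: {$query}<br />Error: " . mysql_error();
                }
                return array($success, $message);
            }

            // permission flags: a checkbox is only present in the request when ticked
            $may_edit_page_titles = isset($infohash["may_edit_page_titles"]) ? "yes" : "no";
            $may_edit_footer_text = isset($infohash["may_edit_footer_text"]) ? "yes" : "no";
            $may_edit_theme = isset($infohash["may_edit_theme"]) ? "yes" : "no";
            $may_edit_logout_url = isset($infohash["may_edit_logout_url"]) ? "yes" : "no";
            $may_edit_language = isset($infohash["may_edit_language"]) ? "yes" : "no";
            $may_edit_timezone_offset = isset($infohash["may_edit_timezone_offset"]) ? "yes" : "no";
            $may_edit_sessions_timeout = isset($infohash["may_edit_sessions_timeout"]) ? "yes" : "no";
            $may_edit_date_format = isset($infohash["may_edit_date_format"]) ? "yes" : "no";
            $may_edit_max_failed_login_attempts = isset($infohash["may_edit_max_failed_login_attempts"]) ? "yes" : "no";

            // NOTE(review): these are taken from the raw input and handed to ft_set_account_settings();
            // whether that function escapes them itself is not visible here - confirm before trusting it
            $max_failed_login_attempts = $infohash["max_failed_login_attempts"];
            $min_password_length = $infohash["min_password_length"];
            $num_password_history = $infohash["num_password_history"];
            $required_password_chars = isset($infohash["required_password_chars"]) && is_array($infohash["required_password_chars"]) ? implode(",", $infohash["required_password_chars"]) : "";
            $forms_page_default_message = $infohash["forms_page_default_message"];

            // update the client custom account settings table
            $settings = array(
                "page_titles" => $form_vals["page_titles"],
                "footer_text" => $form_vals["footer_text"],
                "may_edit_page_titles" => $may_edit_page_titles,
                "may_edit_footer_text" => $may_edit_footer_text,
                "may_edit_theme" => $may_edit_theme,
                "may_edit_logout_url" => $may_edit_logout_url,
                "may_edit_language" => $may_edit_language,
                "may_edit_timezone_offset" => $may_edit_timezone_offset,
                "may_edit_sessions_timeout" => $may_edit_sessions_timeout,
                "may_edit_max_failed_login_attempts" => $may_edit_max_failed_login_attempts,
                "max_failed_login_attempts" => $max_failed_login_attempts,
                "required_password_chars" => $required_password_chars,
                "min_password_length" => $min_password_length,
                "num_password_history" => $num_password_history,
                "forms_page_default_message" => $forms_page_default_message,
            );
            ft_set_account_settings($account_id, $settings);
            break;

        // FORMS tab
        case "3":
            // clear out the old mappings for the client-forms and client-Views. This section re-inserts everything
            mysql_query("DELETE FROM {$g_table_prefix}client_forms WHERE account_id = {$account_id}");
            mysql_query("DELETE FROM {$g_table_prefix}client_views WHERE account_id = {$account_id}");
            mysql_query("DELETE FROM {$g_table_prefix}public_form_omit_list WHERE account_id = {$account_id}");
            mysql_query("DELETE FROM {$g_table_prefix}public_view_omit_list WHERE account_id = {$account_id}");

            $num_form_rows = isset($infohash["num_forms"]) ? (int) $infohash["num_forms"] : 0;
            $client_forms = array();        // stores the form IDs of all forms this client has been added to
            $client_form_views = array();   // stores the view IDs of each form this client is associated with

            for ($i = 1; $i <= $num_form_rows; $i++) {
                // ignore blank, empty and non-numeric form rows. The ID is interpolated unquoted into SQL
                // below, so it is forced to a positive integer here rather than trusted from the request.
                $form_id = isset($infohash["form_row_{$i}"]) ? (int) $infohash["form_row_{$i}"] : 0;
                if ($form_id <= 0) {
                    continue;
                }
                $client_forms[] = $form_id;
                $client_form_views[$form_id] = array();

                // find out a little info about this form. If it's a public form, the user is already (implicitly) assigned
                // to it, so don't bother inserting a redundant record into the client_forms table
                $form_info_query = mysql_query("SELECT access_type FROM {$g_table_prefix}forms WHERE form_id = {$form_id}");
                $form_info = mysql_fetch_assoc($form_info_query);
                if ($form_info["access_type"] != "public") {
                    mysql_query("INSERT INTO {$g_table_prefix}client_forms (account_id, form_id) VALUES ({$account_id}, {$form_id})");
                }

                // if this form was previously an "admin" type, it no longer is! By adding this client to the form, it's now
                // changed to a "private" access type
                if ($form_info["access_type"] == "admin") {
                    mysql_query("UPDATE {$g_table_prefix}forms SET access_type = 'private' WHERE form_id = {$form_id}");
                }

                // now loop through selected Views. Get View info
                if (!isset($infohash["row_{$i}_selected_views"])) {
                    continue;
                }
                $selected_views = array();
                foreach ((array) $infohash["row_{$i}_selected_views"] as $view_id) {
                    $selected_views[] = (int) $view_id;   // same reasoning as $form_id: unquoted in SQL
                }
                $client_form_views[$form_id] = $selected_views;

                foreach ($selected_views as $view_id) {
                    $view_info_query = mysql_query("SELECT access_type FROM {$g_table_prefix}views WHERE view_id = {$view_id}");
                    $view_info = mysql_fetch_assoc($view_info_query);
                    if ($view_info["access_type"] != "public") {
                        mysql_query("INSERT INTO {$g_table_prefix}client_views (account_id, view_id) VALUES ({$account_id}, {$view_id})");
                    }

                    // if this View was previously an "admin" type, it no longer is! By adding this client to the View, it's now
                    // changed to a "private" access type
                    if ($view_info["access_type"] == "admin") {
                        mysql_query("UPDATE {$g_table_prefix}views SET access_type = 'private' WHERE view_id = {$view_id}");
                    }
                }
            }

            // now all the ADDING the forms/Views is done, we look at all other public forms in the database and if this
            // update request didn't include that form, add this client to its omit list. Same goes for the form Views.
            // (in_array is deliberately loose: DB rows yield string IDs, the arrays above hold ints)
            $public_form_query = mysql_query("SELECT form_id, access_type FROM {$g_table_prefix}forms");
            while ($form_info = mysql_fetch_assoc($public_form_query)) {
                $form_id = (int) $form_info["form_id"];
                $form_is_public = ($form_info["access_type"] == "public");
                $client_has_form = in_array($form_id, $client_forms);

                if ($form_is_public && !$client_has_form) {
                    mysql_query("INSERT INTO {$g_table_prefix}public_form_omit_list (account_id, form_id) VALUES ({$account_id}, {$form_id})");
                }
                if ($client_has_form) {
                    $public_view_query = mysql_query("SELECT view_id, access_type FROM {$g_table_prefix}views WHERE form_id = {$form_id}");
                    while ($view_info = mysql_fetch_assoc($public_view_query)) {
                        $view_id = (int) $view_info["view_id"];
                        $view_is_public = ($view_info["access_type"] == "public");
                        if ($view_is_public && !in_array($view_id, $client_form_views[$form_id])) {
                            mysql_query("INSERT INTO {$g_table_prefix}public_view_omit_list (account_id, view_id) VALUES ({$account_id}, {$view_id})");
                        }
                    }
                }
            }
            break;
    }

    // "end" hook: may overwrite the result before it is returned
    extract(ft_process_hook_calls("end", compact("infohash", "tab_num"), array("success", "message")), EXTR_OVERWRITE);
    return array($success, $message);
}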
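/**
 * Updates a client account. Used for whomever is currently logged in.
 *
 * The "main" page validates the name / email / username / optional new password (against the account's
 * own password policy and password history) and updates the accounts table. The "settings" page only
 * validates and writes the settings the client is ALLOWED to edit (the may_edit_* flags stored in
 * $client_info["settings"]); a field the client may not edit is ignored even if it is submitted.
 * On return the session copies of the settings and account info are refreshed.
 *
 * NOTE(review): as reproduced in this listing the "main" UPDATE writes the literal '******' for the password
 * and username columns. That is almost certainly a masked interpolation in the listing, not the real source;
 * confirm against the original file before relying on this copy.
 *
 * @param integer $account_id the ID of the (logged-in) client account being updated. It is interpolated
 *               unquoted into SQL, so it is cast to int.
 * @param array $info This parameter should be a hash (e.g. $_POST or $_GET) containing keys
 *               named the same as the database fields. It is passed through ft_sanitize() before use.
 * @return array [0]: true/false (success / failure)
 *               [1]: message string
 */
function ft_update_client($account_id, $info)
{
    global $g_table_prefix, $LANG, $g_password_special_chars;

    $success = true;
    $message = $LANG["notify_account_updated"];
    $account_id = (int) $account_id;
    $info = ft_sanitize($info);

    // "start" hook: may overwrite $info before anything is validated
    extract(ft_process_hook_calls("start", compact("account_id", "info"), array("info")), EXTR_OVERWRITE);

    $client_info = ft_get_account_info($account_id);
    $client_settings = $client_info["settings"];
    $page = $info["page"];

    switch ($page) {
        case "main":
            $first_name = $info["first_name"];
            $last_name = $info["last_name"];
            $email = $info["email"];
            $username = $info["username"];
            $password_clause = "";
            $rules = array();
            $has_new_password = !empty($info["password"]);

            if ($has_new_password) {
                // per-account password policy: required character classes and minimum length
                $required_password_chars = explode(",", $client_settings["required_password_chars"]);
                if (in_array("uppercase", $required_password_chars, true)) {
                    $rules[] = "reg_exp,password,[A-Z],{$LANG["validation_client_password_missing_uppercase"]}";
                }
                if (in_array("number", $required_password_chars, true)) {
                    $rules[] = "reg_exp,password,[0-9],{$LANG["validation_client_password_missing_number"]}";
                }
                if (in_array("special_char", $required_password_chars, true)) {
                    $error = ft_eval_smarty_string($LANG["validation_client_password_missing_special_char"], array("chars" => $g_password_special_chars));
                    $password_special_chars = preg_quote($g_password_special_chars);
                    $rules[] = "reg_exp,password,[{$password_special_chars}],{$error}";
                }
                if (!empty($client_settings["min_password_length"])) {
                    $rule = ft_eval_smarty_string($LANG["validation_client_password_too_short"], array("number" => $client_settings["min_password_length"]));
                    $rules[] = "length>={$client_settings["min_password_length"]},password,{$rule}";
                }

                // encrypt the password on the assumption that it passes validation. It'll be used in the update query.
                // md5(md5()) is the stored form the rest of the application compares against; it is weak (unsalted,
                // fast) but cannot be changed here without changing every verifier of it.
                $password = md5(md5($info['password']));
                // NOTE(review): the '******' literal is as it appears in this listing - see the docblock
                $password_clause = "password = '******',";
            }
            $errors = validate_fields($info, $rules);

            // check to see if username is already taken
            list($valid_username, $problem) = _ft_is_valid_username($username, $account_id);
            if (!$valid_username) {
                $errors[] = $problem;
            }

            // check the password isn't already in password history (if relevant). The password is only RECORDED
            // in the history after the account row has actually been updated (see below), so a request that fails
            // validation or fails the UPDATE does not pollute the history.
            $track_password_history = $has_new_password && !empty($client_settings["num_password_history"]);
            $encrypted_password = "";
            if ($track_password_history) {
                $encrypted_password = md5(md5($info["password"]));
                if (ft_password_in_password_history($account_id, $encrypted_password, $client_settings["num_password_history"])) {
                    $errors[] = ft_eval_smarty_string($LANG["validation_password_in_password_history"], array("history_size" => $client_settings["num_password_history"]));
                }
            }

            if (!empty($errors)) {
                $success = false;
                array_walk($errors, function (&$el) {
                    $el = "&bull;&nbsp; " . $el;
                });
                $message = implode("<br />", $errors);
                return array($success, $message);
            }

            $query = "\n          UPDATE  {$g_table_prefix}accounts\n          SET     {$password_clause}\n                  first_name = '{$first_name}',\n                  last_name = '{$last_name}',\n                  username = '******',\n                  email = '{$email}'\n          WHERE   account_id = {$account_id}\n               ";
            if (mysql_query($query)) {
                if ($has_new_password) {
                    // if the password wasn't empty, reset the temporary password, in case it was set
                    mysql_query("UPDATE {$g_table_prefix}accounts SET temp_reset_password = NULL where account_id = {$account_id}");
                }
                if ($track_password_history) {
                    // the new password is now live, so it belongs in the history
                    ft_add_password_to_password_history($account_id, $encrypted_password);
                }
            } else {
                ft_handle_error("Failed query in <b>" . __FUNCTION__ . "</b>: <i>{$query}</i>", mysql_error());
            }
            break;

        case "settings":
            // a field is only validated when the client is permitted to edit it
            $rules = array();
            if ($client_settings["may_edit_page_titles"] == "yes") {
                $rules[] = "required,page_titles,{$LANG["validation_no_titles"]}";
            }
            if ($client_settings["may_edit_theme"] == "yes") {
                $rules[] = "required,theme,{$LANG["validation_no_theme"]}";
            }
            if ($client_settings["may_edit_logout_url"] == "yes") {
                $rules[] = "required,logout_url,{$LANG["validation_no_logout_url"]}";
            }
            if ($client_settings["may_edit_language"] == "yes") {
                $rules[] = "required,ui_language,{$LANG["validation_no_ui_language"]}";
            }
            if ($client_settings["may_edit_timezone_offset"] == "yes") {
                $rules[] = "required,timezone_offset,{$LANG["validation_no_timezone_offset"]}";
            }
            if ($client_settings["may_edit_sessions_timeout"] == "yes") {
                $rules[] = "required,sessions_timeout,{$LANG["validation_no_sessions_timeout"]}";
                $rules[] = "digits_only,sessions_timeout,{$LANG["validation_invalid_sessions_timeout"]}";
            }
            if ($client_settings["may_edit_date_format"] == "yes") {
                $rules[] = "required,date_format,{$LANG["validation_no_date_format"]}";
            }
            $errors = validate_fields($info, $rules);
            if (!empty($errors)) {
                $success = false;
                array_walk($errors, function (&$el) {
                    $el = "&bull;&nbsp; " . $el;
                });
                $message = implode("<br />", $errors);
                return array($success, $message);
            }

            // update the main accounts table. Only update those settings they're ALLOWED to
            $settings = array();
            if ($client_settings["may_edit_language"] == "yes") {
                $settings["ui_language"] = $info["ui_language"];
            }
            if ($client_settings["may_edit_timezone_offset"] == "yes") {
                $settings["timezone_offset"] = $info["timezone_offset"];
            }
            if ($client_settings["may_edit_logout_url"] == "yes") {
                $settings["logout_url"] = $info["logout_url"];
            }
            if ($client_settings["may_edit_sessions_timeout"] == "yes") {
                $settings["sessions_timeout"] = $info["sessions_timeout"];
            }
            if ($client_settings["may_edit_theme"] == "yes") {
                $settings["theme"] = $info["theme"];
                // the swatch key depends on the chosen theme
                $settings["swatch"] = "";
                if (isset($info["{$info["theme"]}_theme_swatches"])) {
                    $settings["swatch"] = $info["{$info["theme"]}_theme_swatches"];
                }
            }
            if ($client_settings["may_edit_date_format"] == "yes") {
                $settings["date_format"] = $info["date_format"];
            }
            if (!empty($settings)) {
                // column names are the fixed keys above; values come from the ft_sanitize()'d $info
                $sql_rows = array();
                foreach ($settings as $column => $value) {
                    $sql_rows[] = "{$column} = '{$value}'";
                }
                $sql = implode(",\n", $sql_rows);
                $query = "\n            UPDATE  {$g_table_prefix}accounts\n            SET     {$sql}\n            WHERE   account_id = {$account_id}\n                 ";
                mysql_query($query) or ft_handle_error("Failed query in <b>" . __FUNCTION__ . "</b>: <i>{$query}</i>", mysql_error());
            }

            // custom account settings table: only the keys that were actually submitted
            $settings = array();
            if (isset($info["page_titles"])) {
                $settings["page_titles"] = $info["page_titles"];
            }
            if (isset($info["footer_text"])) {
                $settings["footer_text"] = $info["footer_text"];
            }
            if (isset($info["max_failed_login_attempts"])) {
                $settings["max_failed_login_attempts"] = $info["max_failed_login_attempts"];
            }
            if (!empty($settings)) {
                ft_set_account_settings($account_id, $settings);
            }
            break;
    }

    // "end" hook: may overwrite the result before it is returned
    extract(ft_process_hook_calls("end", compact("account_id", "info"), array("success", "message")), EXTR_OVERWRITE);

    // update sessions so the rest of the request (and subsequent ones) see the new values
    $_SESSION["ft"]["settings"] = ft_get_settings();
    $_SESSION["ft"]["account"] = ft_get_account_info($account_id);
    $_SESSION["ft"]["account"]["is_logged_in"] = true;
    return array($success, $message);
}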