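 /**
  * Validate and apply a client account update: time zone, DST flag,
  * language, optional auth backend/username and an optional password
  * change.
  *
  * A password change is accepted in one of two ways:
  *   - a password-reset token stored in the session, which must map to
  *     this account in the 'pwreset' config namespace and must not be
  *     older than the configured reset window; or
  *   - for accounts that already have a password, the correct current
  *     password (and the new one must differ from it).
  *
  * @param array $vars    submitted form fields
  * @param array $errors  receives field => message for each failed check
  * @return mixed         false when validation fails, else the result of save()
  */
 function update($vars, &$errors)
 {
     global $cfg;
     // Set by the password-reset sign-on flow; absent for a normal session.
     $rtoken = isset($_SESSION['_client']['reset-token'])
         ? $_SESSION['_client']['reset-token'] : null;

     if ($vars['passwd1'] || $vars['passwd2'] || $vars['cpasswd'] || $rtoken) {
         if (!$vars['passwd1']) {
             $errors['passwd1'] = __('New password is required');
         } elseif ($vars['passwd1'] && strlen($vars['passwd1']) < 6) {
             $errors['passwd1'] = __('Password must be at least 6 characters');
         } elseif ($vars['passwd1'] && strcmp($vars['passwd1'], $vars['passwd2'])) {
             $errors['passwd2'] = __('Passwords do not match');
         }

         if ($rtoken) {
             $_config = new Config('pwreset');
             // The token must belong to this account AND be within the
             // reset window. Note the `||`: the age check has to run when
             // a timestamp IS found; short-circuiting on `!$ts && ...`
             // would skip it for every stored token, so tokens would
             // never expire.
             if ($_config->get($rtoken) != $this->getUserId()) {
                 $errors['err'] = __('Invalid reset token. Logout and try again');
             } elseif (!($ts = $_config->lastModified($rtoken))
                     || $cfg->getPwResetWindow() < time() - strtotime($ts)) {
                 $errors['err'] = __('Invalid reset token. Logout and try again');
             }
         } elseif ($this->get('passwd')) {
             // No token: an existing password must be proven before it can
             // be replaced.
             if (!$vars['cpasswd']) {
                 $errors['cpasswd'] = __('Current password is required');
             } elseif (!$this->hasCurrentPassword($vars['cpasswd'])) {
                 $errors['cpasswd'] = __('Invalid current password!');
             } elseif (!strcasecmp($vars['passwd1'], $vars['cpasswd'])) {
                 $errors['passwd1'] = __('New password MUST be different from the current password!');
             }
         }
     }

     if (!$vars['timezone_id']) {
         $errors['timezone_id'] = __('Time zone selection is required');
     }

     if ($errors) {
         return false;
     }

     $this->set('timezone_id', $vars['timezone_id']);
     $this->set('dst', isset($vars['dst']) ? 1 : 0);

     // Change language; drop the cached session language so it is recomputed.
     $this->set('lang', $vars['lang'] ?: null);
     $_SESSION['client:lang'] = null;
     TextDomain::configureForUser($this);

     // NOTE(review): backend/username are taken straight from the form with
     // no validation here. Confirm the caller restricts who may submit them;
     // an end user should not be able to re-point their own account at a
     // different auth backend or username.
     if ($vars['backend']) {
         $this->set('backend', $vars['backend']);
         if ($vars['username']) {
             $this->set('username', $vars['username']);
         }
     }

     if ($vars['passwd1']) {
         $this->set('passwd', Passwd::hash($vars['passwd1']));
         // Listeners receive the plaintext password (e.g. to sync other
         // backends); keep this out of anything that logs $info.
         $info = array('password' => $vars['passwd1']);
         Signal::send('auth.pwchange', $this->getUser(), $info);
         // A successful change consumes any outstanding reset tokens and
         // lifts a forced-reset flag on the account.
         $this->cancelResetTokens();
         $this->clearStatus(UserAccountStatus::REQUIRE_PASSWD_RESET);
     }

     return $this->save();
 }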
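 /**
  * Sign a client on using a password-reset token posted with a user id.
  *
  * Expects $_POST['userid'] and $_POST['token']. The token is looked up in
  * the 'pwreset' config namespace; it must resolve to the given account's
  * id and must not be older than the configured reset window. On success
  * the account is flagged for a forced password reset and the session is
  * returned.
  *
  * @param array $errors  error messages keyed by 'msg'
  * @return ClientSession|false|null  the session on success; false when the
  *         request lacks the fields; null after a validation failure
  *
  * NOTE(review): $errors is received by value, so messages set here are not
  * visible to the caller unless the base-class contract works differently —
  * confirm against the backend interface before relying on them.
  */
 function signOn($errors = array())
 {
     global $ost;

     if (!isset($_POST['userid']) || !isset($_POST['token'])) {
         return false;
     } elseif (!($_config = new Config('pwreset'))) {
         return false;
     } elseif (!($acct = ClientAccount::lookupByUsername($_POST['userid']))
             || !$acct->getId()
             || !($client = new ClientSession(new EndUser($acct->getUser())))) {
         $errors['msg'] = __('Invalid user-id given');
     } elseif (!($id = $_config->get($_POST['token'])) || $id != $client->getId()) {
         // Token unknown, or issued for a different account.
         $errors['msg'] = __('Invalid reset token');
     } elseif (!($ts = $_config->lastModified($_POST['token']))
             || $ost->getConfig()->getPwResetWindow() < time() - strtotime($ts)) {
         // `||` is essential: with `&&` the age check only ran when no
         // timestamp was found, so a stored token was never treated as
         // expired.
         $errors['msg'] = __('Invalid reset token');
     } elseif (!$acct->forcePasswdReset()) {
         $errors['msg'] = __('Unable to reset password');
     } else {
         return $client;
     }
 }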
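 /**
  * Validate and persist an agent's own profile changes (names, email,
  * phones, signature, display preferences) and an optional password
  * change.
  *
  * A password change is accepted either with a valid, unexpired reset
  * token held in the session (checked against the 'pwreset' config
  * namespace) or with the correct current password; in the latter case
  * the new password must differ from the current one.
  *
  * @param array $vars    submitted form fields
  * @param array $errors  receives field => message for each failed check
  * @return mixed         false when validation fails, else the db_query() result
  */
 function updateProfile($vars, &$errors)
 {
     global $cfg;

     $vars['firstname'] = Format::striptags($vars['firstname']);
     $vars['lastname'] = Format::striptags($vars['lastname']);

     // The submitted id must be this agent's own record.
     if ($this->getId() != $vars['id']) {
         $errors['err'] = __('Internal error occurred');
     }
     if (!$vars['firstname']) {
         $errors['firstname'] = __('First name is required');
     }
     if (!$vars['lastname']) {
         $errors['lastname'] = __('Last name is required');
     }

     if (!$vars['email'] || !Validator::is_valid_email($vars['email'])) {
         $errors['email'] = __('Valid email is required');
     } elseif (Email::getIdByEmail($vars['email'])) {
         $errors['email'] = __('Already in-use as system email');
     } elseif (($uid = Staff::getIdByEmail($vars['email'])) && $uid != $this->getId()) {
         $errors['email'] = __('Email already in-use by another agent');
     }

     if ($vars['phone'] && !Validator::is_phone($vars['phone'])) {
         $errors['phone'] = __('Valid phone number is required');
     }
     if ($vars['mobile'] && !Validator::is_phone($vars['mobile'])) {
         $errors['mobile'] = __('Valid phone number is required');
     }

     if ($vars['passwd1'] || $vars['passwd2'] || $vars['cpasswd']) {
         if (!$vars['passwd1']) {
             $errors['passwd1'] = __('New password is required');
         } elseif ($vars['passwd1'] && strlen($vars['passwd1']) < 6) {
             $errors['passwd1'] = __('Password must be at least 6 characters');
         } elseif ($vars['passwd1'] && strcmp($vars['passwd1'], $vars['passwd2'])) {
             $errors['passwd2'] = __('Passwords do not match');
         }

         // Set by the password-reset login flow; absent for a normal session.
         $rtoken = isset($_SESSION['_staff']['reset-token'])
             ? $_SESSION['_staff']['reset-token'] : null;
         if ($rtoken) {
             $_config = new Config('pwreset');
             // The token must belong to this agent AND be within the reset
             // window. `||` matters here: with `&&` the age check only ran
             // when no timestamp was found, so a stored token never
             // expired.
             if ($_config->get($rtoken) != $this->getId()) {
                 $errors['err'] = __('Invalid reset token. Logout and try again');
             } elseif (!($ts = $_config->lastModified($rtoken))
                     || $cfg->getPwResetWindow() < time() - strtotime($ts)) {
                 $errors['err'] = __('Invalid reset token. Logout and try again');
             }
         } elseif (!$vars['cpasswd']) {
             $errors['cpasswd'] = __('Current password is required');
         } elseif (!$this->cmp_passwd($vars['cpasswd'])) {
             $errors['cpasswd'] = __('Invalid current password!');
         } elseif (!strcasecmp($vars['passwd1'], $vars['cpasswd'])) {
             $errors['passwd1'] = __('New password MUST be different from the current password!');
         }
     }

     if (!$vars['timezone_id']) {
         $errors['timezone_id'] = __('Time zone selection is required');
     }
     if ($vars['default_signature_type'] == 'mine' && !$vars['signature']) {
         $errors['default_signature_type'] = __("You don't have a signature");
     }

     if ($errors) {
         return false;
     }

     // Change language; drop the cached session language so it is recomputed.
     $this->config->set('lang', $vars['lang']);
     $_SESSION['staff:lang'] = null;
     TextDomain::configureForUser($this);

     // Every user-supplied value goes through db_input() for escaping; the
     // two quoted phone columns pass false to suppress db_input's own
     // quoting. Keep it that way — nothing below may be concatenated raw.
     $sql = 'UPDATE ' . STAFF_TABLE . ' SET updated=NOW() '
         . ' ,firstname=' . db_input($vars['firstname'])
         . ' ,lastname=' . db_input($vars['lastname'])
         . ' ,email=' . db_input($vars['email'])
         . ' ,phone="' . db_input(Format::phone($vars['phone']), false) . '"'
         . ' ,phone_ext=' . db_input($vars['phone_ext'])
         . ' ,mobile="' . db_input(Format::phone($vars['mobile']), false) . '"'
         . ' ,signature=' . db_input(Format::sanitize($vars['signature']))
         . ' ,timezone_id=' . db_input($vars['timezone_id'])
         . ' ,daylight_saving=' . db_input(isset($vars['daylight_saving']) ? 1 : 0)
         . ' ,show_assigned_tickets=' . db_input(isset($vars['show_assigned_tickets']) ? 1 : 0)
         . ' ,max_page_size=' . db_input($vars['max_page_size'])
         . ' ,auto_refresh_rate=' . db_input($vars['auto_refresh_rate'])
         . ' ,default_signature_type=' . db_input($vars['default_signature_type'])
         . ' ,default_paper_size=' . db_input($vars['default_paper_size']);

     if ($vars['passwd1']) {
         // Store only the hash; clear the forced-change flag and stamp the
         // reset time.
         $sql .= ' ,change_passwd=0, passwdreset=NOW(), passwd=' . db_input(Passwd::hash($vars['passwd1']));
         // Listeners receive the plaintext password (e.g. to sync other
         // backends); keep this out of anything that logs $info.
         $info = array('password' => $vars['passwd1']);
         Signal::send('auth.pwchange', $this, $info);
         // A successful change consumes any outstanding reset tokens.
         $this->cancelResetTokens();
     }

     $sql .= ' WHERE staff_id=' . db_input($this->getId());

     return db_query($sql);
 }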
                if (!$staff->sendResetEmail()) {
                    $tpl = 'pwreset.sent.php';
                }
            } else {
                $msg = 'Unable to verify username ' . Format::htmlchars($_POST['userid']);
            }
            break;
        case 'newpasswd':
            // TODO: Compare passwords
            $tpl = 'pwreset.login.php';
            $_config = new Config('pwreset');
            if (($staff = new StaffSession($_POST['userid'])) && !$staff->getId()) {
                $msg = 'Invalid user-id given';
            } elseif (!($id = $_config->get($_POST['token'])) || $id != $staff->getId()) {
                $msg = 'Invalid reset token';
            } elseif (!($ts = $_config->lastModified($_POST['token'])) && $ost->getConfig()->getPwResetWindow() < time() - strtotime($ts)) {
                $msg = 'Invalid reset token';
            } elseif (!$staff->forcePasswdRest()) {
                $msg = 'Unable to reset password';
            } else {
                $info = array('page' => 'index.php');
                Signal::send('auth.pwreset.login', $staff, $info);
                Staff::_do_login($staff, $_POST['userid']);
                $_SESSION['_staff']['reset-token'] = $_POST['token'];
                header('Location: ' . $info['page']);
                exit;
            }
            break;
    }
} elseif ($_GET['token']) {
    $msg = 'Re-enter your username or email';