/**
 * Validate a client account form and create or update the client row.
 *
 * Every failed check stores a translated message in $errors under a field key
 * (err, email, phone, mobile, npassword, vpassword). SQL that writes data is
 * only built when $errors is still empty after validation.
 *
 * NOTE(review): no authorization check is visible in this function; presumably
 * the caller restricts who may reach it -- confirm.
 *
 * @param mixed $id     Id of the client being edited; when falsy a password
 *                      becomes mandatory (presumably a new account).
 * @param array $vars   Form fields read here: client_id, client_email,
 *                      old_client_email, client_phone, client_mobile,
 *                      npassword, vpassword, client_isactive,
 *                      client_firstname, client_lastname, client_organization.
 * @param array $errors By-reference map of field key => message.
 * @return mixed The db_insert_id() value when the INSERT succeeds; otherwise
 *               true when $errors is empty and false when it is not.
 */
function save($id, $vars, &$errors)
 {
     // The id argument and the id carried in the form must agree (loose != comparison).
     // A mismatch only records an error; the remaining checks still run.
     if ($id && $id != $vars['client_id']) {
         $errors['err'] = _('Internal Error');
     }
     // Check email: must be present and well formed, must not be one of the
     // system addresses known to Email::getIdByEmail(), and must not belong to
     // another client row.
     if (!$vars['client_email'] || !Validator::is_email($vars['client_email'])) {
         $errors['email'] = _('Valid email required');
     } elseif (Email::getIdByEmail($vars['client_email'])) {
         $errors['email'] = _('Already in-use system email');
     } else {
         // Check if the email is already in use by a different client.
         // The query is built by concatenation; its safety rests entirely on
         // db_input(), which is not shown here -- presumably it escapes and
         // quotes the value; verify.
         $sql = 'SELECT client_id FROM ' . CLIENT_TABLE . ' WHERE client_email=' . db_input($vars['client_email']);
         if ($id) {
             // Exclude the record being edited from the uniqueness check.
             $sql .= ' AND client_id!=' . db_input($id);
         }
         if (db_num_rows(db_query($sql))) {
             $errors['email'] = _('Already in-use email');
         }
     }
     // Phone numbers are optional; when given they must pass Validator::is_phone().
     if ($vars['client_phone'] && !Validator::is_phone($vars['client_phone'])) {
         $errors['phone'] = _('Valid number required');
     }
     if ($vars['client_mobile'] && !Validator::is_phone($vars['client_mobile'])) {
         $errors['mobile'] = _('Valid number required');
     }
     // Check passwords: enforced when either password field is filled in or
     // when there is no $id.
     // NOTE(review): strlen() counts bytes, and the 6-character floor is below
     // the 8-character minimum recommended by NIST SP 800-63B.
     // strcmp() is non-zero when the two values differ; this assumes both are
     // strings -- TODO confirm array-valued request fields are rejected upstream.
     if ($vars['npassword'] || $vars['vpassword'] || !$id) {
         if (!$vars['npassword'] && !$id) {
             $errors['npassword'] = _('Password required');
         } elseif ($vars['npassword'] && strcmp($vars['npassword'], $vars['vpassword'])) {
             $errors['vpassword'] = _('Password(s) do not match');
         } elseif ($vars['npassword'] && strlen($vars['npassword']) < 6) {
             $errors['npassword'] = _('Must be at least 6 characters');
         } elseif ($vars['npassword'] && strlen($vars['npassword']) > 128) {
             $errors['npassword'] = _('Password too long');
         }
     }
     if (!$errors) {
         // Shared "SET ..." column list used by both the UPDATE and the INSERT.
         // Text fields pass through Format::striptags() before db_input().
         // NOTE(review): client_phone / client_mobile call db_input(..., false)
         // and are wrapped in double quotes by hand, unlike every other column.
         // This presumably relies on db_input() still escaping when its second
         // argument is false, and on the server not running with ANSI_QUOTES --
         // confirm, or let db_input() do the quoting as for the other fields.
         $sql = ' SET client_isactive=' . db_input($vars['client_isactive']) . ',client_email=' . db_input(Format::striptags($vars['client_email'])) . ',client_firstname=' . db_input(Format::striptags($vars['client_firstname'])) . ',client_lastname=' . db_input(Format::striptags($vars['client_lastname'])) . ',client_organization=' . db_input(Format::striptags($vars['client_organization'])) . ',client_phone="' . db_input($vars['client_phone'], false) . '"' . ',client_mobile="' . db_input($vars['client_mobile'], false) . '"';
         if ($vars['npassword']) {
             // Only the PhpassHashedPass::hash() output is meant to be stored,
             // never the submitted password itself.
             $hash = PhpassHashedPass::hash($vars['npassword']);
             // NOTE(review): the next line is damaged in this listing. The
             // '******' run looks like an automated secret redaction that
             // swallowed the end of the password assignment and, judging by the
             // deeper indentation of the lines that follow, an `if ($id) {`
             // opener. As printed it does not parse; restore it from the
             // project's history before relying on this code.
             $sql .= ',client_password='******'UPDATE ' . CLIENT_TABLE . ' ' . $sql . ' WHERE client_id=' . db_input($id);
             // Failure is reported when the query fails or reports no affected
             // rows; an update that leaves the row unchanged would presumably
             // land here too.
             if (!db_query($sql) || !db_affected_rows()) {
                 $errors['err'] = _('Unable to update the user. Internal error occured');
             }
             if ($vars['old_client_email'] != $vars['client_email']) {
                 // Email changed? Update the tickets!
                 // Tickets are matched on the *submitted* old_client_email.
                 // NOTE(review): if that field is taken from the request rather
                 // than from the stored row for $id, the WHERE clause follows
                 // whatever address was posted; reading the current address
                 // from CLIENT_TABLE by $id would remove that dependency --
                 // confirm how callers populate it.
                 $sql = 'UPDATE ' . TICKET_TABLE . ' SET email=' . db_input(Format::striptags($vars['client_email'])) . ' WHERE email=' . db_input($vars['old_client_email']);
                 if (!db_query($sql)) {
                     $errors['err'] = _('Unable to update the user. Internal error occured');
                 }
                 //TODO: reverse the previous db operation!
                 // The two UPDATEs are separate statements with no rollback, so
                 // a failure here leaves the client row and its tickets out of step.
             }
         } else {
             // Create path: same column list plus the creation timestamp.
             $sql = 'INSERT INTO ' . CLIENT_TABLE . ' ' . $sql . ',client_created=NOW()';
             if (db_query($sql) && ($uID = db_insert_id())) {
                 // Success returns the new id instead of a boolean.
                 return $uID;
             }
             $errors['err'] = _('Unable to create user. Internal error');
         }
     }
     // No recorded error means success.
     return $errors ? false : true;
 }
 /**
  * Validate a staff account form and create or update the staff row.
  *
  * Each failed check stores a translated message in $errors under a field key
  * (err, name, username, email, phone, mobile, npassword, vpassword, dept,
  * role). The write query is only built when $errors is empty.
  *
  * NOTE(review): this method decides the isadmin flag from the submitted
  * role_id, and no permission check is visible inside it; presumably the
  * caller ensures that only authorised staff can reach it -- confirm.
  *
  * @param mixed $id     Staff id to update; a falsy value takes the INSERT path.
  * @param array $vars   Form fields read here: staff_id, firstname, lastname,
  *                      username, email, phone, mobile, npassword, vpassword,
  *                      dept_id, role_id, isactive, isvisible, onvacation,
  *                      signature, resetpasswd.
  * @param array $errors By-reference map of field key => message.
  * @return mixed The db_insert_id() value when the INSERT succeeds; otherwise
  *               true when $errors is empty and false when it is not.
  */
 function save($id, $vars, &$errors)
 {
     // The id argument and the id carried in the form must agree (loose != comparison).
     if ($id && $id != $vars['staff_id']) {
         $errors['err'] = _('Internal Error');
     }
     if (!$vars['firstname'] || !$vars['lastname']) {
         $errors['name'] = _('First and last name required');
     }
     // Username: at least 3 bytes (strlen) and unique among staff.
     if (!$vars['username'] || strlen($vars['username']) < 3) {
         $errors['username'] = _('Username required');
     } else {
         // Check if the username is already in use.
         // NOTE(review): the next line is damaged in this listing. The
         // '******' run looks like an automated redaction that replaced the
         // text between the column name and the array key; as printed it does
         // not parse, and whether the value went through db_input() cannot be
         // confirmed from here.
         $sql = 'SELECT staff_id FROM ' . STAFF_TABLE . ' WHERE username='******'username']);
         if ($id) {
             // Exclude the record being edited from the uniqueness check.
             $sql .= ' AND staff_id!=' . db_input($id);
         }
         if (db_num_rows(db_query($sql))) {
             $errors['username'] = _('Username already in-use');
         }
     }
     // Check email: present and well formed, not a system address known to
     // Email::getIdByEmail(), and not used by another staff row.
     if (!$vars['email'] || !Validator::is_email($vars['email'])) {
         $errors['email'] = _('Valid email required');
     } elseif (Email::getIdByEmail($vars['email'])) {
         $errors['email'] = _('Already in-use system email');
     } else {
         // Check if the email is already in use. The query is concatenated;
         // its safety rests on db_input(), which is not shown here -- verify.
         $sql = 'SELECT staff_id FROM ' . STAFF_TABLE . ' WHERE email=' . db_input($vars['email']);
         if ($id) {
             $sql .= ' AND staff_id!=' . db_input($id);
         }
         if (db_num_rows(db_query($sql))) {
             $errors['email'] = _('Already in-use email');
         }
     }
     // Phone numbers are optional; when given they must pass Validator::is_phone().
     if ($vars['phone'] && !Validator::is_phone($vars['phone'])) {
         $errors['phone'] = _('Valid number required');
     }
     if ($vars['mobile'] && !Validator::is_phone($vars['mobile'])) {
         $errors['mobile'] = _('Valid number required');
     }
     // Check password: enforced when either password field is filled in or
     // when there is no $id.
     // NOTE(review): strlen() counts bytes, and the 6-character floor is below
     // the 8-character minimum recommended by NIST SP 800-63B.
     // strcmp() assumes both values are strings -- TODO confirm array-valued
     // request fields are rejected upstream.
     if ($vars['npassword'] || $vars['vpassword'] || !$id) {
         if (!$vars['npassword'] && !$id) {
             $errors['npassword'] = _('Temp password required');
         } elseif ($vars['npassword'] && strcmp($vars['npassword'], $vars['vpassword'])) {
             $errors['vpassword'] = _('Password(s) do not match');
         } elseif ($vars['npassword'] && strlen($vars['npassword']) < 6) {
             $errors['npassword'] = _('Must be at least 6 characters');
         } elseif ($vars['npassword'] && strlen($vars['npassword']) > 128) {
             $errors['npassword'] = _('Password too long');
         }
     }
     // Check department: required, and an existing user cannot be moved out of
     // a department while DEPT_TABLE still lists them as its manager.
     if (!$vars['dept_id']) {
         $errors['dept'] = _('Department required');
     } elseif ($id && $this->getDeptId() != $vars['dept_id']) {
         // Check if the user is still the manager of the current department.
         $sql = 'SELECT dept_name FROM ' . DEPT_TABLE . ' WHERE dept_id=' . db_input($this->getDeptId()) . ' AND manager_id=' . db_input($id);
         if (db_num_rows(db_query($sql))) {
             $errors['dept'] = _('The user is currently manager of his/her department');
         }
     }
     // Check that a role is selected and that at least one administrator remains.
     // A role_id loosely equal to "1" is what sets isadmin. Any other role is
     // refused when $id is currently an admin and the table holds exactly one
     // admin row. $isadmin stays unset on the two error branches, which is
     // harmless only because the SQL below is skipped whenever $errors is non-empty.
     if (!$vars['role_id']) {
         $errors['role'] = _('Role required');
     } elseif ($vars['role_id'] == "1") {
         $isadmin = "1";
     } elseif ($id && db_count('SELECT COUNT(*) FROM ' . STAFF_TABLE . ' WHERE staff_id = ' . db_input($id) . ' AND isadmin = 1') == 1 && db_count('SELECT COUNT(*) FROM ' . STAFF_TABLE . ' WHERE isadmin = 1') == 1) {
         $errors['role'] = _('At least an administrator must remain');
     } else {
         $isadmin = "0";
     }
     if (!$errors) {
         // Shared "SET ..." column list used by both the UPDATE and the INSERT.
         // isvisible / onvacation are reduced to 1 or 0 by isset(); name and
         // signature pass through Format::striptags(); email is stored as
         // validated above, without striptags.
         // NOTE(review): this line is damaged in this listing -- the '******'
         // run replaced the text around the username column, so how that value
         // is sanitised cannot be confirmed from here.
         // NOTE(review): phone / mobile call db_input(..., false) and are
         // wrapped in double quotes by hand; this presumably relies on
         // db_input() still escaping in that mode and on the server not running
         // with ANSI_QUOTES -- confirm.
         $sql = ' SET updated=NOW() ' . ',isadmin=' . db_input($isadmin) . ',isactive=' . db_input($vars['isactive']) . ',isvisible=' . db_input(isset($vars['isvisible']) ? 1 : 0) . ',onvacation=' . db_input(isset($vars['onvacation']) ? 1 : 0) . ',dept_id=' . db_input($vars['dept_id']) . ',role_id=' . db_input($vars['role_id']) . ',username='******'username'])) . ',firstname=' . db_input(Format::striptags($vars['firstname'])) . ',lastname=' . db_input(Format::striptags($vars['lastname'])) . ',email=' . db_input($vars['email']) . ',phone="' . db_input($vars['phone'], false) . '"' . ',mobile="' . db_input($vars['mobile'], false) . '"' . ',signature=' . db_input(Format::striptags($vars['signature']));
         if ($vars['npassword']) {
             // Store only the PhpassHashedPass::hash() output, never the
             // submitted password itself.
             $hash = PhpassHashedPass::hash($vars['npassword']);
             $sql .= ',passwd=' . db_input($hash);
         }
         if (isset($vars['resetpasswd'])) {
             // Sets the change_passwd flag on the row.
             $sql .= ',change_passwd=1';
         }
         if ($id) {
             $sql = 'UPDATE ' . STAFF_TABLE . ' ' . $sql . ' WHERE staff_id=' . db_input($id);
             // Failure is reported when the query fails or reports no affected rows.
             if (!db_query($sql) || !db_affected_rows()) {
                 $errors['err'] = _('Unable to update the user. Internal error occured');
             }
         } else {
             // Create path: same column list plus the creation timestamp.
             $sql = 'INSERT INTO ' . STAFF_TABLE . ' ' . $sql . ',created=NOW()';
             if (db_query($sql) && ($uID = db_insert_id())) {
                 // Success returns the new id instead of a boolean.
                 return $uID;
             }
             $errors['err'] = _('Unable to create user. Internal error');
         }
     }
     // No recorded error means success.
     return $errors ? false : true;
 }
 $info = $support;
 // Rewrite the config file: mark the install as done, then substitute each
 // %PLACEHOLDER token in the template text with the submitted installer value.
 // The calls run in order on the already-substituted text, so their sequence
 // is part of the behaviour.
 // NOTE(review): the $_POST values are copied verbatim into text that is then
 // written out as a PHP config file, with no escaping visible in this fragment.
 // Unless they were validated earlier (not shown), a quote or backslash in a
 // value such as the database password can corrupt the file or change the code
 // it contains. Encode each value for the string-literal form the template
 // uses, or restrict it to an allow-listed character set, before substituting
 // -- confirm against the template.
 $configfile = str_replace("define('KTSINSTALLED',FALSE);", "define('KTSINSTALLED',TRUE);", $configfile);
 $configfile = str_replace('%ADMIN-EMAIL', $_POST['email'], $configfile);
 $configfile = str_replace('%CONFIG-DBHOST', $_POST['dbhost'], $configfile);
 $configfile = str_replace('%CONFIG-DBNAME', $_POST['dbname'], $configfile);
 $configfile = str_replace('%CONFIG-DBUSER', $_POST['dbuser'], $configfile);
 $configfile = str_replace('%CONFIG-DBPASS', $_POST['dbpass'], $configfile);
 $configfile = str_replace('%CONFIG-PREFIX', $_POST['prefix'], $configfile);
 // NOTE(review): if %CONFIG-SIRI is used as a secret, confirm that
 // Misc::randcode() draws from a cryptographically secure source.
 $configfile = str_replace('%CONFIG-SIRI', Misc::randcode(32), $configfile);
 // Persist the rewritten config (truncate, then write) and only then seed the
 // database. The closing brace of this `if` is not part of this fragment.
 // NOTE(review): none of the db_query() calls below has its result checked,
 // and the config written here already carries KTSINSTALLED=TRUE, so a failed
 // INSERT would presumably leave a half-seeded install flagged as complete.
 if (ftruncate($fp, 0) && fwrite($fp, $configfile)) {
     //Some more configurations.
     // date("Z") is the server's UTC offset in seconds; dividing by 3600 gives hours.
     $tzoffset = date("Z") / 3600;
     //Server's offset.
     //Create admin user. Dummy first and last name.
     // The row is created with isadmin=1, role_id=1, dept_id=1, and the
     // password is stored as PhpassHashedPass::hash() output.
     // NOTE(review): this line is damaged in this listing -- the '******' run
     // replaced the text around the username column, so how that value is
     // sanitised cannot be confirmed from here.
     $sql = 'INSERT INTO ' . PREFIX . 'staff SET created=NOW(), isadmin=1,change_passwd=0,role_id=1,dept_id=1 ' . ',email=' . db_input($_POST['email']) . ',firstname=' . db_input('System') . ',lastname=' . db_input('Administrator') . ',username='******'username']) . ',passwd=' . db_input(PhpassHashedPass::hash($_POST['password'])) . ',timezone_offset=' . db_input($tzoffset);
     db_query($sql);
     //Add emails - hopefully the domain is actually valid
     // NOTE(review): $domain is whatever follows the first '@' in the submitted
     // sysemail, and nothing in this fragment validates it; with no '@' present
     // $domain is not set. Presumably the form was validated earlier -- confirm.
     // $uname is not used in the lines visible here.
     list($uname, $domain) = explode('@', $_POST['sysemail']);
     //1 - main support email
     $sql = 'INSERT INTO ' . PREFIX . 'email SET created=NOW(),updated=NOW(),priority_id=2,dept_id=1' . ',name=' . db_input('Katak-support') . ',email=' . db_input($_POST['sysemail']);
     db_query($sql);
     //2 - alert email
     $sql = 'INSERT INTO ' . PREFIX . 'email SET created=NOW(),updated=NOW(),priority_id=1,dept_id=1' . ',name=' . db_input('Katak-support Alerts') . ',email=' . db_input('alerts@' . $domain);
     db_query($sql);
     //3 - noreply email
     $sql = 'INSERT INTO ' . PREFIX . 'email SET created=NOW(),updated=NOW(),priority_id=1,dept_id=1' . ',name=' . db_input('') . ',email=' . db_input('noreply@' . $domain);
     db_query($sql);
     //config info
     // The hard-coded default_email_id=1 / alert_email_id=2 presumably assume
     // the INSERTs above received ids 1 and 2 on an empty table -- confirm.
     $sql = 'INSERT INTO ' . PREFIX . 'config SET updated=NOW() ' . ',isonline=0,default_email_id=1,alert_email_id=2,default_dept_id=1,default_template_id=1' . ',staff_language=' . db_input($_POST['language']) . ',user_language=' . db_input($_POST['language']) . ',timezone_offset=' . db_input($tzoffset) . ',ktsversion=' . db_input(VERSION) . ',helpdesk_url=' . db_input(URL) . ',helpdesk_title=' . db_input($_POST['title']);
     db_query($sql);
         $errors['npassword'] = _('Must be at least 6 characters');
     }
     // Password change for the signed-in staff member. This fragment starts
     // part-way through a switch case; earlier checks are not visible here.
     // NOTE(review): no anti-CSRF check is visible in this fragment; presumably
     // it happens before the switch -- confirm.
     if (!$_POST['vpassword']) {
         $errors['vpassword'] = _('Confirm new password');
     }
     if (!$errors) {
         // The current password must verify before anything is changed.
         if (!$thisuser->check_passwd($_POST['password'])) {
             $errors['password'] = _('Valid password required');
         } elseif (strcmp($_POST['npassword'], $_POST['vpassword'])) {
             // strcmp() is non-zero when the new password and its confirmation
             // differ; assumes both are strings -- TODO confirm array-valued
             // request fields are rejected upstream.
             $errors['npassword'] = $errors['vpassword'] = _('New password(s) don\'t match');
         } elseif (!strcasecmp($_POST['password'], $_POST['npassword'])) {
             // Case-insensitive comparison: a new password that differs from
             // the old one only in letter case is rejected as unchanged.
             $errors['npassword'] = _('New password is same as old password');
         }
     }
     if (!$errors) {
         // Store the PhpassHashedPass::hash() output and clear the change_passwd
         // flag. The row is selected by $thisuser->getId(), not by a request field.
         $sql = 'UPDATE ' . STAFF_TABLE . ' SET updated=NOW() ' . ',change_passwd=0, passwd=' . db_input(PhpassHashedPass::hash($_POST['npassword'])) . ' WHERE staff_id=' . db_input($thisuser->getId());
         if (db_query($sql) && db_affected_rows()) {
             $msg = _('Password Changed Successfully');
         } else {
             $errors['err'] = _('Unable to complete password change. Internal error.');
         }
     }
     break;
 case 'info':
     //Update profile info
     if (!$_POST['firstname']) {
         $errors['firstname'] = _('First name required');
     }
     if (!$_POST['lastname']) {
         $errors['lastname'] = _('Last name required');
     }