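public static function loginBySSO($params)
 {
     // Log an operator in from already-verified SSO attributes ($params is the
     // attribute bag; every attribute is a list, index 0 is used). Operators that
     // do not exist locally yet are provisioned from the extension settings.
     // Throws Exception when the mapped username attribute is absent or the
     // existing-user lookup returns nothing usable. Returns true on success.
     $settings = (include 'extension/singlesignon/settings/settings.ini.php');
     $usernameAttr = $settings['attr_map']['username'];

     if (!isset($params[$usernameAttr][0])) {
         throw new Exception('Username field not found');
     }

     $username = $params[$usernameAttr][0];

     if (erLhcoreClassModelUser::userExists($username)) {
         // Existing operator: the lookup MUST be keyed by the SSO-supplied
         // username. An unkeyed filter (array('username')) does not bind
         // $username at all and can hand back an unrelated account, i.e. log
         // the SSO subject in as somebody else.
         $matches = erLhcoreClassModelUser::getUserList(array('limit' => 1, 'filter' => array('username' => $username)));
         $user = array_shift($matches);
         if (!is_object($user)) {
             throw new Exception('User lookup failed');
         }
         erLhcoreClassUser::instance()->setLoggedUser($user->id);
         return true;
     }

     // First SSO login: provision a local operator from the mapped attributes.
     $user = new erLhcoreClassModelUser();
     foreach ($settings['attr_map'] as $attr => $ssoAttr) {
         // Attributes the IdP did not send keep the model default instead of null.
         if (isset($params[$ssoAttr][0])) {
             $user->{$attr} = $params[$ssoAttr][0];
         }
     }
     foreach ($settings['default_attributes'] as $attr => $value) {
         $user->{$attr} = $value;
     }

     // SSO operators never authenticate with this password; it only has to be
     // unguessable. NOTE(review): stored as a bare sha1 — if the core verifies
     // passwords with password_hash()/password_verify(), route this through the
     // same hashing helper the normal user form uses.
     $user->password = sha1(erLhcoreClassModelForgotPassword::randomPassword() . rand(0, 1000) . microtime());
     $user->saveThis();

     // New operators see all pending chats by default
     erLhcoreClassModelUserSetting::setSetting('show_all_pending', 1, $user->id);

     // Department membership from settings
     erLhcoreClassUserDep::addUserDepartaments($settings['default_departments'], $user->id, $user);

     // Drop any stale group rows for this id before assigning the defaults
     erLhcoreClassModelGroupUser::removeUserFromGroups($user->id);
     foreach ($settings['default_user_groups'] as $group_id) {
         $groupUser = new erLhcoreClassModelGroupUser();
         $groupUser->group_id = $group_id;
         $groupUser->user_id = $user->id;
         $groupUser->saveThis();
     }

     erLhcoreClassUser::instance()->setLoggedUser($user->id);

     return true;
 }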
    } else {
        $tpl->set('errors', $Errors);
    }
}
if (isset($_POST['UpdatePending_account'])) {
    // "Show all pending chats" preference for the account being edited ($UserData).
    // The request is rejected unless it carries a valid CSRF token for the current operator.
    $tokenOk = isset($_POST['csfr_token']) && $currentUser->validateCSFRToken($_POST['csfr_token']);
    if (!$tokenOk) {
        erLhcoreClassModule::redirect('user/account');
        exit;
    }

    $definition = array(
        'showAllPendingEnabled' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::OPTIONAL, 'boolean'),
    );
    $form = new ezcInputForm(INPUT_POST, $definition);
    $Errors = array();

    // Anything other than a valid, truthy boolean switches the setting off.
    $showAllPending = ($form->hasValidData('showAllPendingEnabled') && $form->showAllPendingEnabled == true) ? 1 : 0;
    erLhcoreClassModelUserSetting::setSetting('show_all_pending', $showAllPending, $UserData->id);

    $tpl->set('account_updated', 'done');
    $tpl->set('tab', 'tab_pending');
}
if (isset($_POST['UpdateDepartaments_account'])) {
    if (!isset($_POST['csfr_token']) || !$currentUser->validateCSFRToken($_POST['csfr_token'])) {
        erLhcoreClassModule::redirect('user/userlist');
        exit;
    }
    $globalDepartament = array();
    if (isset($_POST['all_departments']) && $_POST['all_departments'] == 'on') {
        $UserData->all_departments = 1;
        $globalDepartament[] = 0;
    } else {
        $UserData->all_departments = 0;
        erLhcoreClassModelUserSetting::setSetting('enable_pending_list', 0);
    }
    // Remaining chat-list tab flags: each form checkbox maps to a user setting that
    // is stored as 1 when the field is a valid truthy boolean and 0 otherwise.
    $tabFlags = array(
        'activeTabEnabled' => 'enable_active_list',
        'closedTabEnabled' => 'enable_close_list',
        'unreadTabEnabled' => 'enable_unread_list',
    );
    foreach ($tabFlags as $formField => $settingKey) {
        $enabled = $form->hasValidData($formField) && $form->{$formField} == true;
        erLhcoreClassModelUserSetting::setSetting($settingKey, $enabled ? 1 : 0);
    }
    $tpl->set('account_updated', 'done');
    $tpl->set('tab', 'tab_settings');
}
if (isset($_POST['Update'])) {
    $definition = array('Password' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::OPTIONAL, 'unsafe_raw'), 'Password1' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::OPTIONAL, 'unsafe_raw'), 'Email' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::REQUIRED, 'validate_email'), 'Name' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::REQUIRED, 'unsafe_raw'), 'Surname' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::REQUIRED, 'unsafe_raw'), 'Username' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::OPTIONAL, 'unsafe_raw'), 'JobTitle' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::OPTIONAL, 'unsafe_raw'), 'Skype' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::OPTIONAL, 'unsafe_raw'), 'XMPPUsername' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::OPTIONAL, 'unsafe_raw'), 'UserTimeZone' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::OPTIONAL, 'unsafe_raw'), 'UserInvisible' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::OPTIONAL, 'boolean'));
    if (!isset($_POST['csfr_token']) || !$currentUser->validateCSFRToken($_POST['csfr_token'])) {
        erLhcoreClassModule::redirect('user/account');
        exit;
    }
    $form = new ezcInputForm(INPUT_POST, $definition);
    $Errors = array();
    if (!$form->hasValidData('Username')) {
        $Errors[] = erTranslationClassLhTranslation::getInstance()->getTranslation('user/account', 'Please enter a username!');
    } elseif ($form->hasValidData('Username') && $form->Username != $UserData->username && !erLhcoreClassModelUser::userExists($form->Username)) {
// Widget display options arriving as unordered URL parameters: mode, theme, sound, cstarted.
// NOTE(review): $embedMode is only assigned on the 'embed' path here; unless it is
// initialised above this fragment, the non-embed path leaves it undefined.
$modeAppend = '';
$requestedMode = (string) $Params['user_parameters_unordered']['mode'];
if ($requestedMode == 'embed') {
    $embedMode = true;
    $modeAppend = '/(mode)/embed';
}

// Optional widget theme, selected by positive numeric id. Lookup is best effort:
// an unknown id is ignored and the widget renders without a theme.
if (isset($Params['user_parameters_unordered']['theme']) && (int) $Params['user_parameters_unordered']['theme'] > 0) {
    try {
        $theme = erLhAbstractModelWidgetTheme::fetch($Params['user_parameters_unordered']['theme']);
        $Result['theme'] = $theme;
        $tpl->set('theme', $theme);
        $modeAppend .= '/(theme)/' . $theme->id;
    } catch (Exception $e) {
        // deliberately swallowed - fall through without a theme
    }
}

// Message sound preference: only an explicit numeric value changes the stored setting.
$soundParam = $Params['user_parameters_unordered']['sound'];
if ($soundParam !== null && is_numeric($soundParam)) {
    $soundOn = ((int) $soundParam == 1) ? 1 : 0;
    erLhcoreClassModelUserSetting::setSetting('chat_message', $soundOn);
}

// Callback hint forwarded to the parent window. strip_tags() is the only
// sanitisation applied; NOTE(review): it is not a JS/HTML escaper, so confirm how
// parent_messages is emitted on the client side.
$cstartedParam = $Params['user_parameters_unordered']['cstarted'];
if ($cstartedParam !== null && $cstartedParam != '') {
    $Result['parent_messages'][] = 'lh_callback:' . (string) strip_tags($cstartedParam);
}
try {
    $chat = erLhcoreClassChat::getSession()->load('erLhcoreClassModelChat', $Params['user_parameters']['chat_id']);
    erLhcoreClassChat::setTimeZoneByChat($chat);
    if ($chat->hash == $Params['user_parameters']['hash']) {
        $tpl->set('chat_id', $Params['user_parameters']['chat_id']);
        $tpl->set('hash', $Params['user_parameters']['hash']);
        $tpl->set('chat', $chat);
        $tpl->set('chat_widget_mode', true);
        $tpl->set('chat_embed_mode', $embedMode);
        $tpl->set('survey', is_numeric($Params['user_parameters_unordered']['survey']) ? (int) $Params['user_parameters_unordered']['survey'] : false);
        $Result['chat'] = $chat;
    $tab = 'generalsettings';
}
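// Site access selector. Only acted on when a value was actually posted, so a
// bare changeSiteAccess no longer assigns an undefined index.
// NOTE(review): unlike the handlers below this carries no CSRF token check;
// that is fine only if $input->siteaccess is never persisted - confirm.
if (isset($_POST['changeSiteAccess']) && isset($_POST['siteaccess'])) {
    $input->siteaccess = $_POST['siteaccess'];
}

if (isset($_POST['StoreUserSettingsAction'])) {
    // Per-operator interface language. CSRF-protected like the other settings handlers.
    if (!isset($_POST['csfr_token']) || !$currentUser->validateCSFRToken($_POST['csfr_token'])) {
        erLhcoreClassModule::redirect('system/languages');
        exit;
    }
    $definition = array('language' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::OPTIONAL, 'string'));
    $form = new ezcInputForm(INPUT_POST, $definition);
    $Errors = array();
    if ($form->hasValidData('language') && !empty($form->language)) {
        // Only the 'string' filter is applied and the value is stored as-is;
        // NOTE(review): whatever consumes user_language should treat it as untrusted.
        erLhcoreClassModelUserSetting::setSetting('user_language', $form->language);
        // Redirect so the new language takes effect on the next request
        erLhcoreClassModule::redirect('system/languages', '/(updated)/true');
        exit;
    } else {
        $tpl->set('errors', array(erTranslationClassLhTranslation::getInstance()->getTranslation('system/languages', 'Please choose correct language')));
    }
}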
if ($currentUser->hasAccessTo('lhsystem', 'configurelanguages')) {
    if (isset($_POST['StoreLanguageSettings'])) {
        $tab = 'generalsettings';
        $definition = array('siteaccess' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::OPTIONAL, 'string'), 'language' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::OPTIONAL, 'string'), 'theme' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::OPTIONAL, 'string'), 'module' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::OPTIONAL, 'string'), 'view' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::OPTIONAL, 'string'));
        if (!isset($_POST['csfr_token']) || !$currentUser->validateCSFRToken($_POST['csfr_token'])) {
            erLhcoreClassModule::redirect('system/languages');
            exit;
        }
    // Persist the validated speech-recognition language and dialect for the current operator
    $validateSpeechData = erLhcoreClassUserValidator::validateSpeech();
    foreach (array('speech_language', 'speech_dialect') as $speechKey) {
        erLhcoreClassModelUserSetting::setSetting($speechKey, $validateSpeechData[$speechKey]);
    }
    $tpl->set('account_updated', 'done');
    $tpl->set('tab', 'tab_speech');
}
if (erLhcoreClassUser::instance()->hasAccessTo('lhuser', 'change_visibility_list') && isset($_POST['UpdateTabsSettings_account'])) {
    // Which chat-list tabs the operator sees; gated on the change_visibility_list permission
    // and on a valid CSRF token for the current operator.
    $tokenOk = isset($_POST['csfr_token']) && $currentUser->validateCSFRToken($_POST['csfr_token']);
    if (!$tokenOk) {
        erLhcoreClassModule::redirect('user/account');
        exit;
    }

    // The validator returns one entry per list setting; store each as-is.
    $validateVisibilityListData = erLhcoreClassUserValidator::validateVisibilityList();
    $listKeys = array('enable_pending_list', 'enable_active_list', 'enable_close_list', 'enable_unread_list');
    foreach ($listKeys as $listKey) {
        erLhcoreClassModelUserSetting::setSetting($listKey, $validateVisibilityListData[$listKey]);
    }

    $tpl->set('account_updated', 'done');
    $tpl->set('tab', 'tab_settings');
}
if (isset($_POST['Update'])) {
    if (!isset($_POST['csfr_token']) || !$currentUser->validateCSFRToken($_POST['csfr_token'])) {
        erLhcoreClassModule::redirect('user/account');
        exit;
    }
    $Errors = erLhcoreClassUserValidator::validateAccount($UserData);
    if (isset($_POST['DeletePhoto'])) {
        $UserData->removeFile();
    }
    $userPhotoErrors = erLhcoreClassUserValidator::validateUserPhoto($UserData);
    if ($userPhotoErrors !== false) {
        $Errors = array_merge($Errors, $userPhotoErrors);
    // Validate the submitted "new user" form; a non-empty $Errors aborts creation below
    $Errors = erLhcoreClassUserValidator::validateUserNew($UserData, $userParams);
    if (count($Errors) == 0) {
        try {
            // User row, departments, groups and the show_all_pending setting are written in one transaction.
            // Note: if ezcDbInstance::get() itself throws, $db is unset when the catch block calls rollback().
            $db = ezcDbInstance::get();
            $db->beginTransaction();
            erLhcoreClassUser::getSession()->save($UserData);
            if (count($userParams['global_departament']) > 0) {
                erLhcoreClassUserDep::addUserDepartaments($userParams['global_departament'], $UserData->id, $UserData);
            }
            $UserData->setUserGroups();
            // Photo handling: the second save only runs when validateUserPhoto() returns an
            // empty error list. A non-empty list (or false) skips it and those errors are
            // never surfaced to the template here - presumably intentional, confirm.
            $userPhotoErrors = erLhcoreClassUserValidator::validateUserPhoto($UserData);
            if ($userPhotoErrors !== false && count($userPhotoErrors) == 0) {
                $UserData->saveThis();
            }
            erLhcoreClassModelDepartamentGroupUser::addUserDepartmentGroups($UserData, erLhcoreClassUserValidator::validateDepartmentsGroup($UserData));
            erLhcoreClassModelUserSetting::setSetting('show_all_pending', $userParams['show_all_pending'], $UserData->id);
            // The event payload carries the clear-text password (password_front).
            // NOTE(review): make sure no listener logs or persists it.
            erLhcoreClassChatEventDispatcher::getInstance()->dispatch('user.user_created', array('userData' => &$UserData, 'password' => $UserData->password_front));
            $db->commit();
            erLhcoreClassModule::redirect('user/userlist');
            exit;
        } catch (Exception $e) {
            // Roll everything back and drop any uploaded photo. The raw exception message
            // (which may include database error text) is rendered to the admin.
            $tpl->set('errors', array($e->getMessage()));
            $UserData->removeFile();
            $db->rollback();
        }
    } else {
        $tpl->set('errors', $Errors);
    }
}
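$tpl->set('user', $UserData);
$tpl->set('userDepartaments', $UserDepartaments);

// Widgets an operator may place on the dashboard, keyed by widget identifier.
// Extensions register additional ones through the chat.dashboardwidgets event,
// so this map is the complete whitelist of identifiers that may be stored.
$supportedWidgets = array('online_operators' => erTranslationClassLhTranslation::getInstance()->getTranslation('chat/dashboardwidgets', 'Online operators'), 'active_chats' => erTranslationClassLhTranslation::getInstance()->getTranslation('chat/dashboardwidgets', 'Active chats'), 'online_visitors' => erTranslationClassLhTranslation::getInstance()->getTranslation('chat/dashboardwidgets', 'Online visitors'), 'departments_stats' => erTranslationClassLhTranslation::getInstance()->getTranslation('chat/dashboardwidgets', 'Departments stats'), 'pending_chats' => erTranslationClassLhTranslation::getInstance()->getTranslation('chat/dashboardwidgets', 'Pending chats'), 'unread_chats' => erTranslationClassLhTranslation::getInstance()->getTranslation('chat/dashboardwidgets', 'Unread chats'), 'transfered_chats' => erTranslationClassLhTranslation::getInstance()->getTranslation('chat/dashboardwidgets', 'Transfered chats'), 'closed_chats' => erTranslationClassLhTranslation::getInstance()->getTranslation('chat/dashboardwidgets', 'Closed chats'));
erLhcoreClassChatEventDispatcher::getInstance()->dispatch('chat.dashboardwidgets', array('supported_widgets' => &$supportedWidgets));

// NOTE(review): unlike the other POST handlers in this codebase this form is not
// guarded by a csfr_token check; confirm how the template posts before adding one.
if (ezcInputForm::hasPostData()) {
    $definition = array('WidgetsUser' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::OPTIONAL, 'unsafe_raw', null, FILTER_REQUIRE_ARRAY));
    $form = new ezcInputForm(INPUT_POST, $definition);
    $Errors = array();
    if ($form->hasValidData('WidgetsUser') && !empty($form->WidgetsUser)) {
        // The posted values are 'unsafe_raw' and would otherwise land in the stored
        // order string verbatim: keep only string identifiers we actually support.
        $requestedWidgets = array();
        foreach ($form->WidgetsUser as $requestedWidget) {
            if (is_string($requestedWidget) && isset($supportedWidgets[$requestedWidget])) {
                $requestedWidgets[] = $requestedWidget;
            }
        }

        // Newly checked widgets are prepended to the stored order
        foreach ($requestedWidgets as $newUserWidget) {
            if (!in_array($newUserWidget, $widgetsUser, true)) {
                $dashboardOrderString = $newUserWidget . ',' . $dashboardOrderString;
                $widgetsUser[] = $newUserWidget;
            }
        }

        // Unchecked widgets are removed as whole tokens (',' and '|' separate entries),
        // so an identifier that is a substring of another cannot corrupt it.
        foreach ($widgetsUser as $userWidget) {
            if (!in_array($userWidget, $requestedWidgets, true)) {
                $dashboardOrderString = preg_replace('/(^|[,|])' . preg_quote($userWidget, '/') . '(?=$|[,|])/', '$1', $dashboardOrderString);
                unset($widgetsUser[array_search($userWidget, $widgetsUser, true)]);
            }
        }

        // Collapse the separators left behind by removals
        $dashboardOrderString = str_replace(array(',,', ',,,', ',,,,', '|,', ',|'), array(',', ',', ',', '|', '|'), $dashboardOrderString);

        // Store the order in the current user's scope
        erLhcoreClassModelUserSetting::setSetting('dwo', $dashboardOrderString);
        $tpl->set('updated', true);
    }
}

$tpl->setArray(array('widgets' => $supportedWidgets, 'user_widgets' => $widgetsUser));
echo $tpl->fetch();
exit;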
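<?php

// AJAX endpoint that stores a single user-scoped setting.
// The setting identifier comes from the URL, the value from POST; both are untrusted.
try {
    // Start session if required only
    $currentUser = erLhcoreClassUser::instance();

    // Header-based CSRF token, as this endpoint is called via XHR rather than a form post
    if (!isset($_SERVER['HTTP_X_CSRFTOKEN']) || !$currentUser->validateCSFRToken($_SERVER['HTTP_X_CSRFTOKEN'])) {
        echo json_encode(array('error' => 'true', 'result' => 'Invalid CSRF Token'));
        exit;
    }

    $identifier = $Params['user_parameters']['identifier'];

    // Make sure that we support variable which is setting now
    // It was possible in another portal to cheat, and overload server without this type of checking
    // (assumes fetch() yields a non-object, or throws, for an unknown identifier - confirm)
    $settingHandler = erLhcoreClassModelUserSettingOption::fetch($identifier);
    if (!is_object($settingHandler)) {
        echo json_encode(array('error' => 'true', 'result' => 'Unknown setting'));
        exit;
    }

    // Never trust user input: only a scalar value is accepted, and it is stored as a string
    if (!isset($_POST['value']) || !is_scalar($_POST['value'])) {
        echo json_encode(array('error' => 'true', 'result' => 'Missing value'));
        exit;
    }

    erLhcoreClassModelUserSetting::setSetting($identifier, (string) $_POST['value']);
    exit;
} catch (Exception $e) {
    // Never dump the exception object to the client: it carries the stack trace,
    // file paths and call arguments. Log it server-side and return a generic error.
    error_log('usersetting: ' . $e->getMessage());
    echo json_encode(array('error' => 'true', 'result' => 'Could not store setting'));
}
exit;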