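/**
 * Logs an operator in from SSO attributes, provisioning the account on first sight.
 *
 * Attribute names come from `attr_map` in the SSO settings file; every mapped value
 * in $params is expected to be a list whose first element holds the attribute.
 *
 * @param array $params Attributes supplied by the SSO provider.
 * @return bool Always true once a user has been marked as logged in.
 * @throws Exception When the mapped username attribute is missing, or when the
 *                   lookup of an existing username returns no user.
 */
public static function loginBySSO($params)
{
    $settings = (include 'extension/singlesignon/settings/settings.ini.php');
    $usernameAttr = $settings['attr_map']['username'];

    // Without a username there is nothing to look up or create.
    if (!isset($params[$usernameAttr][0])) {
        throw new Exception('Username field not found');
    }

    $username = $params[$usernameAttr][0];

    if (erLhcoreClassModelUser::userExists($username)) {
        // The filter must carry the username value: a bare array('username') does not
        // constrain the query, so the first user in the table would be logged in instead
        // of the one who actually authenticated.
        $matches = erLhcoreClassModelUser::getUserList(array(
            'limit' => 1,
            'filter' => array('username' => $username),
        ));
        // array_shift() takes its argument by reference; a call result is not allowed.
        $user = array_shift($matches);

        if (!is_object($user)) {
            throw new Exception('User not found');
        }

        erLhcoreClassUser::instance()->setLoggedUser($user->id);

        return true;
    }

    // First login for this username: create the operator from the SSO attributes.
    $user = new erLhcoreClassModelUser();

    foreach ($settings['attr_map'] as $attr => $ssoAttr) {
        // Attributes the provider did not send become null instead of undefined-index notices.
        $user->{$attr} = isset($params[$ssoAttr][0]) ? $params[$ssoAttr][0] : null;
    }

    foreach ($settings['default_attributes'] as $attr => $value) {
        $user->{$attr} = $value;
    }

    // The record still gets a local password (presumably only so the row is complete —
    // SSO is the login path here). NOTE(review): rand()/microtime() are not cryptographic
    // sources; if this password is ever meant to be usable, derive it from random_bytes().
    $user->password = sha1(erLhcoreClassModelForgotPassword::randomPassword() . rand(0, 1000) . microtime());
    $user->saveThis();

    // New operators see all pending chats
    erLhcoreClassModelUserSetting::setSetting('show_all_pending', 1, $user->id);

    // Departments from the SSO defaults
    erLhcoreClassUserDep::addUserDepartaments($settings['default_departments'], $user->id, $user);

    // Drop any stale group memberships before assigning the defaults
    erLhcoreClassModelGroupUser::removeUserFromGroups($user->id);

    foreach ($settings['default_user_groups'] as $group_id) {
        $groupUser = new erLhcoreClassModelGroupUser();
        $groupUser->group_id = $group_id;
        $groupUser->user_id = $user->id;
        $groupUser->saveThis();
    }

    erLhcoreClassUser::instance()->setLoggedUser($user->id);

    return true;
}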
} else { $tpl->set('errors', $Errors); } } if (isset($_POST['UpdatePending_account'])) { if (!isset($_POST['csfr_token']) || !$currentUser->validateCSFRToken($_POST['csfr_token'])) { erLhcoreClassModule::redirect('user/account'); exit; } $definition = array('showAllPendingEnabled' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::OPTIONAL, 'boolean')); $form = new ezcInputForm(INPUT_POST, $definition); $Errors = array(); if ($form->hasValidData('showAllPendingEnabled') && $form->showAllPendingEnabled == true) { erLhcoreClassModelUserSetting::setSetting('show_all_pending', 1, $UserData->id); } else { erLhcoreClassModelUserSetting::setSetting('show_all_pending', 0, $UserData->id); } $tpl->set('account_updated', 'done'); $tpl->set('tab', 'tab_pending'); } if (isset($_POST['UpdateDepartaments_account'])) { if (!isset($_POST['csfr_token']) || !$currentUser->validateCSFRToken($_POST['csfr_token'])) { erLhcoreClassModule::redirect('user/userlist'); exit; } $globalDepartament = array(); if (isset($_POST['all_departments']) && $_POST['all_departments'] == 'on') { $UserData->all_departments = 1; $globalDepartament[] = 0; } else { $UserData->all_departments = 0;
erLhcoreClassModelUserSetting::setSetting('enable_pending_list', 0); } if ($form->hasValidData('activeTabEnabled') && $form->activeTabEnabled == true) { erLhcoreClassModelUserSetting::setSetting('enable_active_list', 1); } else { erLhcoreClassModelUserSetting::setSetting('enable_active_list', 0); } if ($form->hasValidData('closedTabEnabled') && $form->closedTabEnabled == true) { erLhcoreClassModelUserSetting::setSetting('enable_close_list', 1); } else { erLhcoreClassModelUserSetting::setSetting('enable_close_list', 0); } if ($form->hasValidData('unreadTabEnabled') && $form->unreadTabEnabled == true) { erLhcoreClassModelUserSetting::setSetting('enable_unread_list', 1); } else { erLhcoreClassModelUserSetting::setSetting('enable_unread_list', 0); } $tpl->set('account_updated', 'done'); $tpl->set('tab', 'tab_settings'); } if (isset($_POST['Update'])) { $definition = array('Password' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::OPTIONAL, 'unsafe_raw'), 'Password1' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::OPTIONAL, 'unsafe_raw'), 'Email' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::REQUIRED, 'validate_email'), 'Name' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::REQUIRED, 'unsafe_raw'), 'Surname' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::REQUIRED, 'unsafe_raw'), 'Username' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::OPTIONAL, 'unsafe_raw'), 'JobTitle' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::OPTIONAL, 'unsafe_raw'), 'Skype' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::OPTIONAL, 'unsafe_raw'), 'XMPPUsername' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::OPTIONAL, 'unsafe_raw'), 'UserTimeZone' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::OPTIONAL, 'unsafe_raw'), 'UserInvisible' => new 
ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::OPTIONAL, 'boolean')); if (!isset($_POST['csfr_token']) || !$currentUser->validateCSFRToken($_POST['csfr_token'])) { erLhcoreClassModule::redirect('user/account'); exit; } $form = new ezcInputForm(INPUT_POST, $definition); $Errors = array(); if (!$form->hasValidData('Username')) { $Errors[] = erTranslationClassLhTranslation::getInstance()->getTranslation('user/account', 'Please enter a username!'); } elseif ($form->hasValidData('Username') && $form->Username != $UserData->username && !erLhcoreClassModelUser::userExists($form->Username)) {
$modeAppend = ''; if ((string) $Params['user_parameters_unordered']['mode'] == 'embed') { $embedMode = true; $modeAppend = '/(mode)/embed'; } if (isset($Params['user_parameters_unordered']['theme']) && (int) $Params['user_parameters_unordered']['theme'] > 0) { try { $theme = erLhAbstractModelWidgetTheme::fetch($Params['user_parameters_unordered']['theme']); $Result['theme'] = $theme; $tpl->set('theme', $theme); $modeAppend .= '/(theme)/' . $theme->id; } catch (Exception $e) { } } if ($Params['user_parameters_unordered']['sound'] !== null && is_numeric($Params['user_parameters_unordered']['sound'])) { erLhcoreClassModelUserSetting::setSetting('chat_message', (int) $Params['user_parameters_unordered']['sound'] == 1 ? 1 : 0); } if ($Params['user_parameters_unordered']['cstarted'] !== null && $Params['user_parameters_unordered']['cstarted'] != '') { $Result['parent_messages'][] = 'lh_callback:' . (string) strip_tags($Params['user_parameters_unordered']['cstarted']); } try { $chat = erLhcoreClassChat::getSession()->load('erLhcoreClassModelChat', $Params['user_parameters']['chat_id']); erLhcoreClassChat::setTimeZoneByChat($chat); if ($chat->hash == $Params['user_parameters']['hash']) { $tpl->set('chat_id', $Params['user_parameters']['chat_id']); $tpl->set('hash', $Params['user_parameters']['hash']); $tpl->set('chat', $chat); $tpl->set('chat_widget_mode', true); $tpl->set('chat_embed_mode', $embedMode); $tpl->set('survey', is_numeric($Params['user_parameters_unordered']['survey']) ? (int) $Params['user_parameters_unordered']['survey'] : false); $Result['chat'] = $chat;
$tab = 'generalsettings'; } if (isset($_POST['changeSiteAccess'])) { $input->siteaccess = $_POST['siteaccess']; } if (isset($_POST['StoreUserSettingsAction'])) { $definition = array('language' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::OPTIONAL, 'string')); if (!isset($_POST['csfr_token']) || !$currentUser->validateCSFRToken($_POST['csfr_token'])) { erLhcoreClassModule::redirect('system/languages'); exit; } $Errors = array(); $form = new ezcInputForm(INPUT_POST, $definition); $Errors = array(); if ($form->hasValidData('language') && !empty($form->language)) { erLhcoreClassModelUserSetting::setSetting('user_language', $form->language); // Redirect for change to take effect erLhcoreClassModule::redirect('system/languages', '/(updated)/true'); exit; } else { $tpl->set('errors', array(erTranslationClassLhTranslation::getInstance()->getTranslation('system/languages', 'Please choose correct language'))); } } if ($currentUser->hasAccessTo('lhsystem', 'configurelanguages')) { if (isset($_POST['StoreLanguageSettings'])) { $tab = 'generalsettings'; $definition = array('siteaccess' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::OPTIONAL, 'string'), 'language' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::OPTIONAL, 'string'), 'theme' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::OPTIONAL, 'string'), 'module' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::OPTIONAL, 'string'), 'view' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::OPTIONAL, 'string')); if (!isset($_POST['csfr_token']) || !$currentUser->validateCSFRToken($_POST['csfr_token'])) { erLhcoreClassModule::redirect('system/languages'); exit; }
$validateSpeechData = erLhcoreClassUserValidator::validateSpeech(); erLhcoreClassModelUserSetting::setSetting('speech_language', $validateSpeechData['speech_language']); erLhcoreClassModelUserSetting::setSetting('speech_dialect', $validateSpeechData['speech_dialect']); $tpl->set('account_updated', 'done'); $tpl->set('tab', 'tab_speech'); } if (erLhcoreClassUser::instance()->hasAccessTo('lhuser', 'change_visibility_list') && isset($_POST['UpdateTabsSettings_account'])) { if (!isset($_POST['csfr_token']) || !$currentUser->validateCSFRToken($_POST['csfr_token'])) { erLhcoreClassModule::redirect('user/account'); exit; } $validateVisibilityListData = erLhcoreClassUserValidator::validateVisibilityList(); erLhcoreClassModelUserSetting::setSetting('enable_pending_list', $validateVisibilityListData['enable_pending_list']); erLhcoreClassModelUserSetting::setSetting('enable_active_list', $validateVisibilityListData['enable_active_list']); erLhcoreClassModelUserSetting::setSetting('enable_close_list', $validateVisibilityListData['enable_close_list']); erLhcoreClassModelUserSetting::setSetting('enable_unread_list', $validateVisibilityListData['enable_unread_list']); $tpl->set('account_updated', 'done'); $tpl->set('tab', 'tab_settings'); } if (isset($_POST['Update'])) { if (!isset($_POST['csfr_token']) || !$currentUser->validateCSFRToken($_POST['csfr_token'])) { erLhcoreClassModule::redirect('user/account'); exit; } $Errors = erLhcoreClassUserValidator::validateAccount($UserData); if (isset($_POST['DeletePhoto'])) { $UserData->removeFile(); } $userPhotoErrors = erLhcoreClassUserValidator::validateUserPhoto($UserData); if ($userPhotoErrors !== false) { $Errors = array_merge($Errors, $userPhotoErrors);
$Errors = erLhcoreClassUserValidator::validateUserNew($UserData, $userParams); if (count($Errors) == 0) { try { $db = ezcDbInstance::get(); $db->beginTransaction(); erLhcoreClassUser::getSession()->save($UserData); if (count($userParams['global_departament']) > 0) { erLhcoreClassUserDep::addUserDepartaments($userParams['global_departament'], $UserData->id, $UserData); } $UserData->setUserGroups(); $userPhotoErrors = erLhcoreClassUserValidator::validateUserPhoto($UserData); if ($userPhotoErrors !== false && count($userPhotoErrors) == 0) { $UserData->saveThis(); } erLhcoreClassModelDepartamentGroupUser::addUserDepartmentGroups($UserData, erLhcoreClassUserValidator::validateDepartmentsGroup($UserData)); erLhcoreClassModelUserSetting::setSetting('show_all_pending', $userParams['show_all_pending'], $UserData->id); erLhcoreClassChatEventDispatcher::getInstance()->dispatch('user.user_created', array('userData' => &$UserData, 'password' => $UserData->password_front)); $db->commit(); erLhcoreClassModule::redirect('user/userlist'); exit; } catch (Exception $e) { $tpl->set('errors', array($e->getMessage())); $UserData->removeFile(); $db->rollback(); } } else { $tpl->set('errors', $Errors); } } $tpl->set('user', $UserData); $tpl->set('userDepartaments', $UserDepartaments);
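// Widgets the dashboard offers, keyed by widget id => translated label.
$supportedWidgets = array(
    'online_operators' => erTranslationClassLhTranslation::getInstance()->getTranslation('chat/dashboardwidgets', 'Online operators'),
    'active_chats' => erTranslationClassLhTranslation::getInstance()->getTranslation('chat/dashboardwidgets', 'Active chats'),
    'online_visitors' => erTranslationClassLhTranslation::getInstance()->getTranslation('chat/dashboardwidgets', 'Online visitors'),
    'departments_stats' => erTranslationClassLhTranslation::getInstance()->getTranslation('chat/dashboardwidgets', 'Departments stats'),
    'pending_chats' => erTranslationClassLhTranslation::getInstance()->getTranslation('chat/dashboardwidgets', 'Pending chats'),
    'unread_chats' => erTranslationClassLhTranslation::getInstance()->getTranslation('chat/dashboardwidgets', 'Unread chats'),
    'transfered_chats' => erTranslationClassLhTranslation::getInstance()->getTranslation('chat/dashboardwidgets', 'Transfered chats'),
    'closed_chats' => erTranslationClassLhTranslation::getInstance()->getTranslation('chat/dashboardwidgets', 'Closed chats'),
);

// Extensions may register additional widgets through this event (passed by reference).
erLhcoreClassChatEventDispatcher::getInstance()->dispatch('chat.dashboardwidgets', array('supported_widgets' => &$supportedWidgets));

if (ezcInputForm::hasPostData()) {
    $definition = array(
        'WidgetsUser' => new ezcInputFormDefinitionElement(ezcInputFormDefinitionElement::OPTIONAL, 'unsafe_raw', null, FILTER_REQUIRE_ARRAY),
    );
    $form = new ezcInputForm(INPUT_POST, $definition);
    $Errors = array();

    // 'unsafe_raw' performs no validation. Only ids the dashboard actually offers are
    // accepted, so arbitrary posted strings (or nested arrays) never reach the stored
    // widget order.
    $requestedWidgets = array();
    if ($form->hasValidData('WidgetsUser') && !empty($form->WidgetsUser)) {
        $requestedWidgets = array_values(array_filter($form->WidgetsUser, function ($widget) use ($supportedWidgets) {
            return is_string($widget) && isset($supportedWidgets[$widget]);
        }));
    }

    if (!empty($requestedWidgets)) {
        // Newly selected widgets go to the front of the order string
        foreach ($requestedWidgets as $newUserWidget) {
            if (!in_array($newUserWidget, $widgetsUser)) {
                $dashboardOrderString = $newUserWidget . ',' . $dashboardOrderString;
                $widgetsUser[] = $newUserWidget;
            }
        }

        // Deselected widgets are dropped from both the list and the order string
        foreach ($widgetsUser as $userWidget) {
            if (!in_array($userWidget, $requestedWidgets)) {
                // NOTE(review): plain substring replace — a widget id that is a substring
                // of another id would be clipped as well; confirm ids never overlap.
                $dashboardOrderString = str_replace($userWidget, '', $dashboardOrderString);
                unset($widgetsUser[array_search($userWidget, $widgetsUser)]);
            }
        }

        // Collapse the separators left behind by the removals
        $dashboardOrderString = str_replace(array(',,', ',,,', ',,,,', '|,', ',|'), array(',', ',', ',', '|', '|'), $dashboardOrderString);

        // Store settings in user scope now
        erLhcoreClassModelUserSetting::setSetting('dwo', $dashboardOrderString);

        $tpl->set('updated', true);
    }
}

$tpl->setArray(array('widgets' => $supportedWidgets, 'user_widgets' => $widgetsUser));

echo $tpl->fetch();
exit;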
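<?php
// Persists a single user-scoped setting posted by the front-end.
// The identifier is checked against the known setting options first: another portal
// was abused by writing arbitrary setting names and overloading the server this way.
try {
    // Start session if required only
    $currentUser = erLhcoreClassUser::instance();

    // This endpoint receives its CSRF token in a request header
    if (!isset($_SERVER['HTTP_X_CSRFTOKEN']) || !$currentUser->validateCSFRToken($_SERVER['HTTP_X_CSRFTOKEN'])) {
        echo json_encode(array('error' => 'true', 'result' => 'Invalid CSRF Token'));
        exit;
    }

    $identifier = $Params['user_parameters']['identifier'];

    // Make sure that we support the variable being set. NOTE(review): fetch() presumably
    // throws for an unknown identifier; the object check below also covers a false/null
    // return so an unknown name is rejected either way — confirm against the model.
    $settingOption = erLhcoreClassModelUserSettingOption::fetch($identifier);
    if (!is_object($settingOption)) {
        echo json_encode(array('error' => 'true', 'result' => 'Unknown setting'));
        exit;
    }

    // Never trust user input: store as a string, empty when no value was posted
    $value = isset($_POST['value']) ? (string) $_POST['value'] : '';
    erLhcoreClassModelUserSetting::setSetting($identifier, $value);
    exit;
} catch (Exception $e) {
    // Do not dump the exception object: it exposes file paths and a stack trace to the client.
    echo json_encode(array('error' => 'true', 'result' => 'Setting could not be saved'));
}
exit;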