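/**
 * Save the edited staff account posted from the "edit user" form.
 *
 * Reads the posted form via hesk_validateUserInfo(), enforces the duplicate-username and
 * permission checks, normalises the flags of inactive/admin accounts, writes the `users` row
 * and cleans up ticket ownership and category-manager rights the user no longer qualifies for.
 *
 * Every exit path goes through hesk_process_messages()/hesk_error() (project helpers), so the
 * function does not return a value. Relies on globals $hesk_settings (db prefix) and $hesklang.
 */
function update_user()
{
    global $hesk_settings, $hesklang;

    /* A security check */
    hesk_token_check('POST');

    $_SESSION['save_userdata'] = TRUE;

    $user_id = intval(hesk_POST('userid')) or hesk_error("{$hesklang['int_error']}: {$hesklang['no_valid_id']}");

    /* To edit self force using "Profile" page */
    if ($user_id == $_SESSION['id']) {
        hesk_process_messages($hesklang['eyou'], 'profile.php', 'NOTICE');
    }

    $_SERVER['PHP_SELF'] = './manage_users.php?a=edit&id=' . $user_id;

    $myuser = hesk_validateUserInfo(0, $_SERVER['PHP_SELF']);
    $myuser['id'] = $user_id;

    /* Only active users can be assigned tickets. Also turn off all notifications */
    if (!$myuser['active']) {
        $flags_off = array(
            'autoassign',
            'notify_new_unassigned',
            'notify_new_my',
            'notify_reply_unassigned',
            'notify_reply_my',
            'notify_assigned',
            'notify_pm',
            'notify_note',
            'notify_note_unassigned',
        );
        foreach ($flags_off as $flag) {
            $myuser[$flag] = 0;
        }
    }

    /* Check for duplicate usernames */
    $res = hesk_dbQuery("SELECT `id`,`isadmin`,`categories`,`heskprivileges` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user` = '" . hesk_dbEscape($myuser['user']) . "' LIMIT 1");
    if (hesk_dbNumRows($res) == 1) {
        $existing = hesk_dbFetchAssoc($res);

        /* Duplicate? (the username belongs to a different account) */
        if ($existing['id'] != $myuser['id']) {
            hesk_process_messages($hesklang['duplicate_user'], $_SERVER['PHP_SELF']);
        }

        /* Do we have permission to edit this user? */
        if (!compare_user_permissions($existing['id'], $existing['isadmin'], explode(',', $existing['categories']), explode(',', $existing['heskprivileges']))) {
            hesk_process_messages($hesklang['npea'], 'manage_users.php');
        }
    }

    /* Admins will have access to all features and categories */
    if ($myuser['isadmin']) {
        $myuser['categories'] = '';
        $myuser['features'] = '';
    } else {
        /* Integer-only copy of the category IDs; this is what goes inside SQL IN() lists */
        $category_ids = array_map('intval', $myuser['categories']);

        /* Categories and Features will be stored as a string */
        $myuser['categories'] = implode(',', $myuser['categories']);
        $myuser['features'] = implode(',', $myuser['features']);

        /* Unassign tickets from categories that the user had access before but doesn't anymore.
           "NOT IN ()" is a MySQL syntax error, so a user left with no categories loses every ticket instead */
        if (count($category_ids) > 0) {
            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`=0 WHERE `owner`='" . intval($myuser['id']) . "' AND `category` NOT IN (" . implode(',', $category_ids) . ")");
        } else {
            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`=0 WHERE `owner`='" . intval($myuser['id']) . "'");
        }
    }

    // Find the list of categories they are manager of. If they no longer have access to the category, revoke their manager permission.
    if ($myuser['isadmin']) {
        // Admins can't be managers
        hesk_dbQuery('UPDATE `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'categories` SET `manager` = 0 WHERE `manager` = ' . intval($myuser['id']));
    } else {
        $currentCatRs = hesk_dbQuery("SELECT `categories` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id` = '" . intval($myuser['id']) . "' LIMIT 1");
        $rowOfCategories = hesk_dbFetchAssoc($currentCatRs);

        // No row (unknown id) means the user currently has no categories at all
        $cats = (is_array($rowOfCategories) && isset($rowOfCategories['categories'])) ? $rowOfCategories['categories'] : '';
        $newCategories = explode(',', $myuser['categories']);

        // Any category in the current set but not in the new set is revoked
        $revokeCats = array();
        foreach (explode(',', $cats) as $currentCategory) {
            if ($currentCategory === '') {
                continue;
            }
            if (!in_array($currentCategory, $newCategories)) {
                // Cast to int: the list is concatenated straight into the SQL below
                $revokeCats[] = intval($currentCategory);
            }
        }

        if (count($revokeCats) > 0) {
            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `manager` = 0 WHERE `id` IN (" . implode(',', $revokeCats) . ")");
        }
    }

    /* Write the account. Flag columns are cast with intval() so only numbers reach the string-built SQL */
    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET\n" .
        "    `user`='" . hesk_dbEscape($myuser['user']) . "',\n" .
        "    `name`='" . hesk_dbEscape($myuser['name']) . "',\n" .
        "    `email`='" . hesk_dbEscape($myuser['email']) . "',\n" .
        "    `signature`='" . hesk_dbEscape($myuser['signature']) . "'," .
        (isset($myuser['pass']) ? "`pass`='" . hesk_dbEscape($myuser['pass']) . "'," : '') . "\n" .
        "    `categories`='" . hesk_dbEscape($myuser['categories']) . "',\n" .
        "    `isadmin`='" . intval($myuser['isadmin']) . "',\n" .
        "    `active`='" . intval($myuser['active']) . "',\n" .
        "    `autoassign`='" . intval($myuser['autoassign']) . "',\n" .
        "    `heskprivileges`='" . hesk_dbEscape($myuser['features']) . "',\n" .
        "    `afterreply`='" . intval($myuser['afterreply']) . "' ,\n" .
        "\t`autostart`='" . intval($myuser['autostart']) . "' ,\n" .
        "\t`notify_customer_new`='" . intval($myuser['notify_customer_new']) . "' ,\n" .
        "\t`notify_customer_reply`='" . intval($myuser['notify_customer_reply']) . "' ,\n" .
        "\t`show_suggested`='" . intval($myuser['show_suggested']) . "' ,\n" .
        "\t`notify_new_unassigned`='" . intval($myuser['notify_new_unassigned']) . "' ,\n" .
        "\t`notify_new_my`='" . intval($myuser['notify_new_my']) . "' ,\n" .
        "\t`notify_reply_unassigned`='" . intval($myuser['notify_reply_unassigned']) . "' ,\n" .
        "\t`notify_reply_my`='" . intval($myuser['notify_reply_my']) . "' ,\n" .
        "\t`notify_assigned`='" . intval($myuser['notify_assigned']) . "' ,\n" .
        "\t`notify_pm`='" . intval($myuser['notify_pm']) . "',\n" .
        "\t`notify_note`='" . intval($myuser['notify_note']) . "',\n" .
        "\t`notify_note_unassigned`='" . intval($myuser['notify_note_unassigned']) . "',\n" .
        "\t`autorefresh`=" . intval($myuser['autorefresh']) . ",\n" .
        "\t`permission_template`=" . intval($myuser['template']) . "\n" .
        "    WHERE `id`='" . intval($myuser['id']) . "' LIMIT 1");

    // If they are now inactive, remove any manager rights
    if (!$myuser['active']) {
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `manager` = 0 WHERE `manager` = " . intval($myuser['id']));
    }

    unset($_SESSION['save_userdata']);
    unset($_SESSION['userdata']);

    hesk_process_messages($hesklang['user_profile_updated_success'], $_SERVER['PHP_SELF'], 'SUCCESS');
}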
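/**
 * Save the edited staff account posted from the "edit user" form (older variant without the
 * category-manager bookkeeping).
 *
 * Validates the posted form via hesk_validateUserInfo(), rejects duplicate usernames and edits
 * the caller is not permitted to make, then writes the `users` row and unassigns tickets from
 * categories the user can no longer see.
 *
 * Every exit path goes through hesk_process_messages()/hesk_error() (project helpers), so the
 * function does not return a value. Relies on globals $hesk_settings (db prefix) and $hesklang.
 */
function update_user()
{
    global $hesk_settings, $hesklang;

    /* A security check */
    hesk_token_check('POST');

    $_SESSION['save_userdata'] = TRUE;

    $user_id = intval(hesk_POST('userid')) or hesk_error("{$hesklang['int_error']}: {$hesklang['no_valid_id']}");

    /* To edit self force using "Profile" page */
    if ($user_id == $_SESSION['id']) {
        hesk_process_messages($hesklang['eyou'], 'profile.php', 'NOTICE');
    }

    $_SERVER['PHP_SELF'] = './manage_users.php?a=edit&id=' . $user_id;

    $myuser = hesk_validateUserInfo(0, $_SERVER['PHP_SELF']);
    $myuser['id'] = $user_id;

    /* A user who cannot view unassigned tickets must not be notified about them either */
    $sql_where = in_array('can_view_unassigned', $myuser['features'])
        ? ""
        : " , `notify_new_unassigned`='0', `notify_reply_unassigned`='0' ";

    /* Check for duplicate usernames */
    $res = hesk_dbQuery("SELECT `id`,`isadmin`,`categories`,`heskprivileges` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user` = '" . hesk_dbEscape($myuser['user']) . "' LIMIT 1");
    if (hesk_dbNumRows($res) == 1) {
        $existing = hesk_dbFetchAssoc($res);

        /* Duplicate? (the username belongs to a different account) */
        if ($existing['id'] != $myuser['id']) {
            hesk_process_messages($hesklang['duplicate_user'], $_SERVER['PHP_SELF']);
        }

        /* Do we have permission to edit this user? */
        if (!compare_user_permissions($existing['id'], $existing['isadmin'], explode(',', $existing['categories']), explode(',', $existing['heskprivileges']))) {
            hesk_process_messages($hesklang['npea'], 'manage_users.php');
        }
    }

    /* Admins will have access to all features and categories */
    if ($myuser['isadmin']) {
        $myuser['categories'] = '';
        $myuser['features'] = '';
    } else {
        /* Integer-only copy of the category IDs; this is what goes inside the SQL IN() list */
        $category_ids = array_map('intval', $myuser['categories']);

        /* Categories and Features will be stored as a string */
        $myuser['categories'] = implode(',', $myuser['categories']);
        $myuser['features'] = implode(',', $myuser['features']);

        /* Unassign tickets from categories that the user had access before but doesn't anymore.
           "NOT IN ()" is a MySQL syntax error, so a user left with no categories loses every ticket instead */
        if (count($category_ids) > 0) {
            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`=0 WHERE `owner`='" . intval($myuser['id']) . "' AND `category` NOT IN (" . implode(',', $category_ids) . ")");
        } else {
            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`=0 WHERE `owner`='" . intval($myuser['id']) . "'");
        }
    }

    /* Write the account; $sql_where carries the optional notification reset built above */
    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET\r\n" .
        "    `user`='" . hesk_dbEscape($myuser['user']) . "',\r\n" .
        "    `name`='" . hesk_dbEscape($myuser['name']) . "',\r\n" .
        "    `email`='" . hesk_dbEscape($myuser['email']) . "',\r\n" .
        "    `signature`='" . hesk_dbEscape($myuser['signature']) . "'," .
        (isset($myuser['pass']) ? "`pass`='" . hesk_dbEscape($myuser['pass']) . "'," : '') . "\r\n" .
        "    `categories`='" . hesk_dbEscape($myuser['categories']) . "',\r\n" .
        "    `isadmin`='" . intval($myuser['isadmin']) . "',\r\n" .
        "    `autoassign`='" . intval($myuser['autoassign']) . "',\r\n" .
        "    `heskprivileges`='" . hesk_dbEscape($myuser['features']) . "'\r\n" .
        "    {$sql_where}\r\n" .
        "    WHERE `id`='" . intval($myuser['id']) . "' LIMIT 1");

    unset($_SESSION['save_userdata']);
    unset($_SESSION['userdata']);

    hesk_process_messages($hesklang['user_profile_updated_success'], $_SERVER['PHP_SELF'], 'SUCCESS');
}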
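/**
 * Save the edited client account posted from the "edit client" form.
 *
 * Validates the posted form via hesk_validateUserInfo(), rejects a username already used by
 * another client, writes the `clients` row and replaces the client's contract links
 * (`contractforclient`) with the posted `contract_id[]` set.
 *
 * Every exit path goes through hesk_process_messages()/hesk_error() (project helpers), so the
 * function does not return a value. Relies on globals $hesk_settings (db prefix) and $hesklang.
 */
function update_client()
{
    global $hesk_settings, $hesklang;

    /* A security check */
    hesk_token_check('POST');

    $_SESSION['save_userdata'] = TRUE;

    $client_id = intval(hesk_POST('userid')) or hesk_error("{$hesklang['int_error']}: {$hesklang['no_valid_id']}");

    /* To edit self force using "Profile" page */
    if ($client_id == $_SESSION['id']) {
        hesk_process_messages($hesklang['eyou'], 'profile.php', 'NOTICE');
    }

    $_SERVER['PHP_SELF'] = './manage_users.php';

    /* Page to send the admin back to on validation errors. The Referer header is client-controlled and
       may be absent, so fall back to our own page instead of reading an undefined index.
       NOTE(review): if hesk_process_messages() redirects to this value, the caller's Referer picks the
       redirect target; restricting it to a local path would close that off */
    $return_to = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $_SERVER['PHP_SELF'];

    $myuser = hesk_validateUserInfo(0, $return_to);
    $myuser['id'] = $client_id;

    /* Active flag is a 0/1 switch; store a number rather than whatever was posted */
    $active = isset($_POST['prof_active']) ? intval($_POST['prof_active']) : 0;

    /* Check for duplicate usernames */
    if ($myuser['isclient'] == "1") {
        $res = hesk_dbQuery("SELECT `id`, `user`, `isclient` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "clients` WHERE `user` = '" . hesk_dbEscape($myuser['user']) . "' LIMIT 1");
        if (hesk_dbNumRows($res) == 1) {
            $existing = hesk_dbFetchAssoc($res);

            /* Duplicate? (the username belongs to a different client) */
            if ($existing['id'] != $myuser['id']) {
                hesk_process_messages($hesklang['duplicate_user'], $return_to);
            }
        }
    }

    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "clients` SET\n" .
        "\t`user`='" . hesk_dbEscape($myuser['user']) . "',\n" .
        "    `name`='" . hesk_dbEscape($myuser['name']) . "',\n" .
        "    `email`='" . hesk_dbEscape($myuser['email']) . "',\n" .
        "    `address`='" . hesk_dbEscape($myuser['address']) . "',\n" .
        "    `phonenumber`='" . hesk_dbEscape($myuser['phonenumber']) . "',\n" .
        "    `poz_detyres`='" . hesk_dbEscape($myuser['poz_detyres']) . "',\n" .
        "    `company_id`='" . hesk_dbEscape($myuser['company_id']) . "',\n" .
        "    `active`='" . intval($active) . "'\n" .
        "\t" . (isset($myuser['pass']) ? ", `pass`='" . hesk_dbEscape($myuser['pass']) . "'" : '') . "\n" .
        "\t WHERE `id`=" . intval($myuser['id']) . " LIMIT 1");

    /* Replace the client's contract links with the posted set: drop all, then re-insert */
    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "contractforclient` WHERE `client_Id`='" . intval($myuser['id']) . "'");

    /* A form with no contracts checked posts no contract_id[] at all; treat that as an empty list
       instead of handing a missing index to foreach */
    $contracts = (isset($_POST['contract_id']) && is_array($_POST['contract_id'])) ? $_POST['contract_id'] : array();

    foreach ($contracts as $contract) {
        // Nested arrays cannot be escaped as a string; skip them rather than error out mid-way
        if (!is_scalar($contract)) {
            continue;
        }
        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "contractforclient` (\n" .
            "\t\t\t`contract_Id`, \n" .
            "\t\t\t`client_Id`\n" .
            "\t\t\t)\n" .
            "\t\t\tVALUES(\n" .
            "\t\t\t'" . hesk_dbEscape($contract) . "', \n" .
            "\t\t\t'" . intval($myuser['id']) . "'\n" .
            "\t\t\t)");
    }

    unset($_SESSION['save_userdata']);
    unset($_SESSION['userdata']);

    hesk_process_messages($hesklang['user_profile_updated_success'], $_SERVER['PHP_SELF'], 'SUCCESS');
}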