/**
  * Processes submitting of the form which is generated in
  * {@link \Mibew\Controller\Operator\PermissionsController::showFormAction()}
  * method.
  *
  * @param Request $request Incoming request.
  * @return string Rendered page content.
  * @throws NotFoundException If the operator with specified ID is not found
  *   in the system.
  */
 public function submitFormAction(Request $request)
 {
     csrf_check_token($request);
     $operator = $this->getOperator();
     $op_id = $request->attributes->getInt('operator_id');
     // Check if the target operator exists
     $op = operator_by_id($op_id);
     if (!$op) {
         throw new NotFoundException('The operator is not found.');
     }
     $new_permissions = isset($op['iperm']) ? $op['iperm'] : 0;
     foreach (permission_ids() as $perm => $id) {
         if ($request->request->get('permissions' . $id) == 'on') {
             $new_permissions |= 1 << $perm;
         } else {
             $new_permissions &= ~(1 << $perm);
         }
     }
     // Update operator's permissions in the database and in cached
     // authentication manager data if it is needed.
     update_operator_permissions($op['operatorid'], $new_permissions);
     if ($operator['operatorid'] == $op_id) {
         $operator['iperm'] = $new_permissions;
         $this->getAuthenticationManager()->setOperator($operator);
     }
     // Redirect the current operator to the same page using GET method.
     $redirect_to = $this->generateUrl('operator_permissions', array('operator_id' => $op_id, 'stored' => true));
     return $this->redirect($redirect_to);
 }
Example #2
0
            header("Location: {$webimroot}/operator/operator.php?op={$opId}&stored");
            exit;
        }
    } else {
        $page['formlogin'] = topage($login);
        $page['formname'] = topage($localname);
        $page['formemail'] = topage($email);
        $page['formjabber'] = topage($jabber);
        $page['formjabbernotify'] = $jabbernotify;
        $page['formcommonname'] = topage($commonname);
        $page['opid'] = topage($opId);
    }
} else {
    if (isset($_GET['op'])) {
        $opId = verifyparam('op', "/^\\d{1,9}\$/");
        $op = operator_by_id($opId);
        if (!$op) {
            $errors[] = getlocal("no_such_operator");
            $page['opid'] = topage($opId);
        } else {
            $page['formlogin'] = topage($op['vclogin']);
            $page['formname'] = topage($op['vclocalename']);
            $page['formemail'] = topage($op['vcemail']);
            $page['formjabber'] = topage($op['vcjabbername']);
            $page['formjabbernotify'] = $op['inotify'] != 0;
            $page['formcommonname'] = topage($op['vccommonname']);
            $page['opid'] = topage($op['operatorid']);
        }
    }
}
if (!$opId && !is_capable($can_administrate, $operator)) {
Example #3
0
    /**
     * Returns relative path of the avatar for operator related with the thread.
     *
     * @param array $args Associative array of arguments. It must contains the
     *   following keys:
     *    - 'threadId': ID of the thread the avatar should be retrieved for.
     *    - 'token': Token of the thread.
     * @return array Array of results. It contains following keys:
     *    - 'imageLink': string, relative path to operator's avatar.
     */
    protected function apiGetAvatar($args)
    {
        // Load thread and check thread's last token
        $thread = self::getThread($args['threadId'], $args['token']);

        $image_link = false;
        if ($thread->agentId) {
            $operator = operator_by_id($thread->agentId);
            if ($operator['vcavatar']) {
                $url_generator = $this->getAssetManager()->getUrlGenerator();
                $image_link = $url_generator->generate($operator['vcavatar']);
            }
        }

        return array('imageLink' => $image_link);
    }
Example #4
0
/**
 * Makes an operator enabled.
 *
 * @param int $operator_id ID of the operator to enable.
 */
function enable_operator($operator_id)
{
    $operator = operator_by_id($operator_id);
    $operator['idisabled'] = 0;
    update_operator($operator);
}
Example #5
0
    if ($nextGroup) {
        $page['message'] = getlocal2("chat.redirected.group.content", array(safe_htmlspecialchars(topage(get_group_name($nextGroup)))));
        if ($thread['istate'] == $state_chatting) {
            $link = connect();
            commit_thread($threadid, array("istate" => intval($state_waiting), "nextagent" => 0, "groupid" => intval($nextid), "agentId" => 0, "agentName" => "''"), $link);
            post_message_($thread['threadid'], $kind_events, getstring2_("chat.status.operator.redirect", array(get_operator_name($operator)), $thread['locale'], true), $link);
            mysql_close($link);
        } else {
            $errors[] = getlocal("chat.redirect.cannot");
        }
    } else {
        $errors[] = getlocal("chat.redirect.unknown_group");
    }
} else {
    $nextid = verifyparam("nextAgent", "/^\\d{1,10}\$/");
    $nextOperator = operator_by_id($nextid);
    if ($nextOperator) {
        $page['message'] = getlocal2("chat.redirected.content", array(safe_htmlspecialchars(topage(get_operator_name($nextOperator)))));
        if ($thread['istate'] == $state_chatting) {
            $link = connect();
            $threadupdate = array("istate" => intval($state_waiting), "nextagent" => intval($nextid), "agentId" => 0);
            if ($thread['groupid'] != 0) {
                if (FALSE === select_one_row("select groupid from {$mysqlprefix}chatgroupoperator where operatorid = " . intval($nextid) . " and groupid = " . intval($thread['groupid']), $link)) {
                    $threadupdate['groupid'] = 0;
                }
            }
            commit_thread($threadid, $threadupdate, $link);
            post_message_($thread['threadid'], $kind_events, getstring2_("chat.status.operator.redirect", array(get_operator_name($operator)), $thread['locale'], true), $link);
            mysql_close($link);
        } else {
            $errors[] = getlocal("chat.redirect.cannot");
Example #6
0
/**
 * Start chat thread for user
 *
 * @param int $group_id Id of group related to thread
 * @param array $requested_operator Array of requested operator info
 * @param string $visitor_id Id of the visitor
 * @param string $visitor_name Name of the visitor
 * @param string $referrer Page user came from
 * @param string $info User info
 *
 * @return Thread thread object
 */
function chat_start_for_user($group_id, $requested_operator, $visitor_id, $visitor_name, $referrer, $info)
{
    // Get user info
    $remote_host = get_remote_host();
    $user_browser = $_SERVER['HTTP_USER_AGENT'];
    // Check connection limit
    if (Thread::connectionLimitReached($remote_host)) {
        die("number of connections from your IP is exceeded, try again later");
    }
    // Check if visitor was invited to chat
    $is_invited = false;
    if (Settings::get('enabletracking')) {
        $invitation_state = invitation_state($_SESSION[SESSION_PREFIX . 'visitorid']);
        if ($invitation_state['invited']) {
            $is_invited = true;
        }
    }
    // Get info about requested operator
    $requested_operator_online = false;
    if ($requested_operator) {
        $requested_operator_online = is_operator_online($requested_operator['operatorid']);
    }
    // Get thread object
    if ($is_invited) {
        // Get thread from invitation
        $thread = invitation_accept($_SESSION[SESSION_PREFIX . 'visitorid']);
        if (!$thread) {
            die("Cannot start thread");
        }
    } else {
        // Create thread
        $thread = new Thread();
        $thread->state = Thread::STATE_LOADING;
        $thread->agentId = 0;
        if ($requested_operator && $requested_operator_online) {
            $thread->nextAgent = $requested_operator['operatorid'];
        }
    }
    // Update thread fields
    $thread->groupId = $group_id;
    $thread->userName = $visitor_name;
    $thread->remote = $remote_host;
    $thread->referer = $referrer;
    $thread->locale = get_current_locale();
    $thread->userId = $visitor_id;
    $thread->userAgent = $user_browser;
    $thread->save();
    $_SESSION[SESSION_PREFIX . 'threadid'] = $thread->id;
    // Store own thread ids to restrict access for other people
    if (!isset($_SESSION[SESSION_PREFIX . 'own_threads'])) {
        $_SESSION[SESSION_PREFIX . 'own_threads'] = array();
    }
    $_SESSION[SESSION_PREFIX . 'own_threads'][] = $thread->id;
    // Bind thread to the visitor
    if (Settings::get('enabletracking')) {
        track_visitor_bind_thread($visitor_id, $thread);
    }
    // Send several messages
    if ($is_invited) {
        $operator = operator_by_id($thread->agentId);
        $operator_name = get_operator_name($operator);
        $thread->postMessage(Thread::KIND_FOR_AGENT, getlocal('Visitor accepted invitation from operator {0}', array($operator_name), get_current_locale(), true));
    } else {
        if ($referrer) {
            $thread->postMessage(Thread::KIND_FOR_AGENT, getlocal('Vistor came from page {0}', array($referrer), get_current_locale(), true));
        }
        if ($requested_operator && !$requested_operator_online) {
            $thread->postMessage(Thread::KIND_INFO, getlocal('Thank you for contacting us. We are sorry, but requested operator <strong>{0}</strong> is offline. Another operator will be with you shortly.', array(get_operator_name($requested_operator)), get_current_locale(), true));
        } else {
            $thread->postMessage(Thread::KIND_INFO, getlocal('Thank you for contacting us. An operator will be with you shortly.', null, get_current_locale(), true));
        }
    }
    // TODO: May be move sending this message somewhere else?
    if ($info) {
        $thread->postMessage(Thread::KIND_FOR_AGENT, getlocal('Info: {0}', array($info), get_current_locale(), true));
    }
    // Let plugins know that user is ready to chat.
    $dispatcher = EventDispatcher::getInstance();
    $event_args = array('thread' => $thread);
    $dispatcher->triggerEvent(Events::THREAD_USER_IS_READY, $event_args);
    return $thread;
}
Example #7
0
 /**
  * Process chat thread redirection.
  *
  * @param Request $request Incoming request.
  * @return string|\Symfony\Component\HttpFoundation\RedirectResponse Rendered
  *   page content or a redirect response.
  * @throws NotFoundException If the thread with specified ID and token is
  * not found.
  * @throws BadRequestException If one or more arguments have a wrong format.
  */
 public function redirectAction(Request $request)
 {
     $thread_id = $request->attributes->get('thread_id');
     $token = $request->attributes->get('token');
     $thread = Thread::load($thread_id, $token);
     if (!$thread) {
         throw new NotFoundException('The thread is not found.');
     }
     $page = array('errors' => array());
     if ($request->query->has('nextGroup')) {
         // The thread was redirected to a group.
         $next_id = $request->query->get('nextGroup');
         if (!preg_match("/^\\d{1,10}\$/", $next_id)) {
             throw new BadRequestException('Wrong value of "nextGroup" argument.');
         }
         $next_group = group_by_id($next_id);
         if ($next_group) {
             $page['message'] = getlocal('The visitor has been placed in a priorty queue of the group {0}.', array(get_group_name($next_group)));
             if (!$this->redirectToGroup($thread, (int) $next_id)) {
                 $page['errors'][] = getlocal('You are not chatting with the visitor.');
             }
         } else {
             $page['errors'][] = 'Unknown group';
         }
     } else {
         // The thread was redirected to an operator.
         $next_id = $request->query->get('nextAgent');
         if (!preg_match("/^\\d{1,10}\$/", $next_id)) {
             throw new BadRequestException('Wrong value of "nextAgent" argument.');
         }
         $next_operator = operator_by_id($next_id);
         if ($next_operator) {
             $page['message'] = getlocal('The visitor has been placed in the priorty queue of the operator {0}.', array(get_operator_name($next_operator)));
             if (!$this->redirectToOperator($thread, $next_id)) {
                 $page['errors'][] = getlocal('You are not chatting with the visitor.');
             }
         } else {
             $page['errors'][] = 'Unknown operator';
         }
     }
     $page = array_merge_recursive($page, setup_logo());
     if (count($page['errors']) > 0) {
         return $this->render('error', $page);
     } else {
         return $this->render('redirected', $page);
     }
 }
Example #8
0
csrfchecktoken();
check_permissions($operator, $can_administrate);
$errors = array();
if (isset($_GET['act']) && $_GET['act'] == 'del') {
    $operatorid = isset($_GET['id']) ? $_GET['id'] : "";
    if (!preg_match("/^\\d+\$/", $operatorid)) {
        $errors[] = "Cannot delete: wrong argument";
    }
    if (!is_capable($can_administrate, $operator)) {
        $errors[] = "You are not allowed to remove operators";
    }
    if ($operatorid == $operator['operatorid']) {
        $errors[] = "Cannot remove self";
    }
    if (count($errors) == 0) {
        $op = operator_by_id($operatorid);
        if (!$op) {
            $errors[] = getlocal("no_such_operator");
        } else {
            if ($op['vclogin'] == 'admin') {
                $errors[] = 'Cannot remove operator "admin"';
            }
        }
    }
    if (count($errors) == 0) {
        $link = connect();
        perform_query("delete from {$mysqlprefix}chatgroupoperator where operatorid = " . intval($operatorid), $link);
        perform_query("delete from {$mysqlprefix}chatoperator where operatorid = " . intval($operatorid), $link);
        mysql_close($link);
        header("Location: {$mibewroot}/operator/operators.php");
        exit;
Example #9
0
 /**
  * Return updated visitors list. API function.
  *
  * Triggers
  * {@link \Mibew\EventDispatcher\Events::USERS_UPDATE_VISITORS_LOAD} and
  * {@link \Mibew\EventDispatcher\Events::USERS_UPDATE_VISITORS_ALTER}
  * events.
  *
  * @param array $args Associative array of arguments. It must contains the
  *   following keys:
  *    - 'agentId': Id of the agent related to users window
  *
  * @return array Array of results. It contains the following keys:
  *  - 'visitors': array of visitors on the site
  */
 protected function apiUpdateVisitors($args)
 {
     // Check access
     $this->checkOperator($args['agentId']);
     // Close old invitations
     invitation_close_old();
     // Remove old visitors
     track_remove_old_visitors();
     // Get instance of event dispatcher
     $dispatcher = EventDispatcher::getInstance();
     // Trigger load event
     $arguments = array('visitors' => false);
     $dispatcher->triggerEvent(Events::USERS_UPDATE_VISITORS_LOAD, $arguments);
     // Check if visiors list loaded by plugins
     if (!is_array($arguments['visitors'])) {
         // Load visitors list
         $db = Database::getInstance();
         // Load visitors
         $query = "SELECT v.visitorid, " . "v.userid, " . "v.username, " . "v.firsttime, " . "v.lasttime, " . "v.entry, " . "v.details, " . "t.invitationstate, " . "t.dtmcreated AS invitationtime, " . "t.agentId AS invitedby, " . "v.invitations, " . "v.chats " . "FROM {sitevisitor} v " . "LEFT OUTER JOIN {thread} t " . "ON t.threadid = v.threadid " . "WHERE v.threadid IS NULL " . "OR (t.istate = :state_invited " . "AND t.invitationstate = :invitation_wait)" . "ORDER BY t.invitationstate, v.lasttime DESC, v.invitations";
         $query .= Settings::get('visitors_limit') == '0' ? "" : " LIMIT " . Settings::get('visitors_limit');
         $rows = $db->query($query, array(':state_invited' => Thread::STATE_INVITED, ':invitation_wait' => Thread::INVITATION_WAIT), array('return_rows' => Database::RETURN_ALL_ROWS));
         $visitors = array();
         foreach ($rows as $row) {
             // Get visitor details
             $details = track_retrieve_details($row);
             // Get user agent
             $user_agent = get_user_agent_version($details['user_agent']);
             // Get user ip
             if (preg_match("/(\\d+\\.\\d+\\.\\d+\\.\\d+)/", $details['remote_host'], $matches) != 0) {
                 $user_ip = $matches[1];
             } else {
                 $user_ip = false;
             }
             // Get invitation info
             $row['invited'] = $row['invitationstate'] == Thread::INVITATION_WAIT;
             if ($row['invited']) {
                 $agent_name = get_operator_name(operator_by_id($row['invitedby']));
                 $invitation_info = array('time' => $row['invitationtime'], 'agentName' => $agent_name);
             } else {
                 $invitation_info = false;
             }
             // Create resulting visitor structure
             $visitors[] = array('id' => (int) $row['visitorid'], 'userId' => $row['userid'], 'userName' => $row['username'], 'userAgent' => $user_agent, 'userIp' => $user_ip, 'remote' => $details['remote_host'], 'firstTime' => $row['firsttime'], 'lastTime' => $row['lasttime'], 'invitations' => (int) $row['invitations'], 'chats' => (int) $row['chats'], 'invitationInfo' => $invitation_info);
         }
     } else {
         $visitors = $arguments['visitors'];
     }
     // Provide ability to alter visitors list
     $arguments = array('visitors' => $visitors);
     $dispatcher->triggerEvent(Events::USERS_UPDATE_VISITORS_ALTER, $arguments);
     // Send results back to the client. "array_values" function should be
     // used to avoid problems with JSON conversion. If there will be gaps in
     // keys (the keys are not serial) JSON Object will be produced instead
     // of an Array.
     return array('visitors' => array_values($arguments['visitors']));
 }
Example #10
0
 /**
  * Removes operator's avatar from the database.
  *
  * @param Request $request Incoming request.
  * @return string Rendered page content.
  * @throws NotFoundException If the operator with specified ID is not found
  *   in the system.
  */
 public function deleteAction(Request $request)
 {
     csrf_check_token($request);
     $operator = $this->getOperator();
     $op_id = $request->attributes->getInt('operator_id');
     // Try to load the target operator.
     if (!operator_by_id($op_id)) {
         throw new NotFoundException('The operator is not found');
     }
     // Try to remove the current operator's avatar if it exists.
     $current_avatar = $operator['vcavatar'];
     if ($current_avatar) {
         @unlink(MIBEW_FS_ROOT . '/files/avatar/' . basename($current_avatar));
     }
     // Update avatar value in database
     update_operator_avatar($op_id, '');
     // Redirect the current operator to the same page using GET method.
     $redirect_to = $this->generateUrl('operator_avatar', array('operator_id' => $op_id));
     return $this->redirect($redirect_to);
 }
Example #11
0
 /**
  * Processes submitting of the form which is generated in
  * {@link \Mibew\Controller\Operator\GroupsController::showFormAction()}
  * method.
  *
  * @param Request $request Incoming request.
  * @return string Rendered page content.
  * @throws NotFoundException If the operator with specified ID is not found
  *   in the system.
  */
 public function submitFormAction(Request $request)
 {
     csrf_check_token($request);
     $operator = $this->getOperator();
     $operator_in_isolation = in_isolation($operator);
     $op_id = $request->attributes->getInt('operator_id');
     // Check if the target operator exists
     $op = operator_by_id($op_id);
     if (!$op) {
         throw new NotFoundException('The operator is not found.');
     }
     // Get all groups that are available for the target operator.
     $groups = $operator_in_isolation ? get_groups_for_operator($operator) : get_all_groups();
     // Build list of operator's new groups.
     $new_groups = array();
     foreach ($groups as $group) {
         if ($request->request->get('group' . $group['groupid']) == 'on') {
             $new_groups[] = $group['groupid'];
         }
     }
     // Update operator's group and redirect the current operator to the same
     // page using GET method.
     update_operator_groups($op['operatorid'], $new_groups);
     $redirect_to = $this->generateUrl('operator_groups', array('operator_id' => $op_id, 'stored' => true));
     return $this->redirect($redirect_to);
 }
Example #12
0
 /**
  * Processes submitting of the form which is generated in
  * {@link \Mibew\Controller\OperatorController::showEditFormAction()} method.
  *
  * @param Request $request Incoming request.
  * @return string Rendered page content.
  */
 public function submitFormAction(Request $request)
 {
     csrf_check_token($request);
     $errors = array();
     $operator = $this->getOperator();
     $op_id = $request->attributes->getInt('operator_id');
     $login = $request->request->get('login');
     $email = $request->request->get('email');
     $password = $request->request->get('password');
     $password_confirm = $request->request->get('passwordConfirm');
     $local_name = $request->request->get('name');
     $common_name = $request->request->get('commonname');
     $code = $request->request->get('code');
     if (!$local_name) {
         $errors[] = no_field('Name');
     }
     if (!$common_name) {
         $errors[] = no_field('International name (Latin)');
     }
     // The login is needed only for new operators. If login is changed for
     // existing operator the stored password hash becomes invalid.
     if (!$op_id) {
         if (!$login) {
             $errors[] = no_field('Login');
         } elseif (!preg_match("/^[\\w_\\.]+\$/", $login)) {
             $errors[] = getlocal('Login should contain only latin characters, numbers and underscore symbol.');
         }
     }
     if (!$email || !MailUtils::isValidAddress($email)) {
         $errors[] = wrong_field('E-mail');
     }
     if ($code && !preg_match("/^[A-Za-z0-9_]+\$/", $code)) {
         $errors[] = getlocal('Code should contain only latin characters, numbers and underscore symbol.');
     }
     if (!$op_id && !$password) {
         $errors[] = no_field('Password');
     }
     if ($password != $password_confirm) {
         $errors[] = getlocal('Entered passwords do not match');
     }
     $existing_operator = operator_by_login($login);
     $duplicate_login = !$op_id && $existing_operator || $op_id && $existing_operator && $op_id != $existing_operator['operatorid'];
     if ($duplicate_login) {
         $errors[] = getlocal('Please choose another login because an operator with that login is already registered in the system.');
     }
     // Check if operator with specified email already exists in the database.
     $existing_operator = operator_by_email($email);
     $duplicate_email = !$op_id && $existing_operator || $op_id && $existing_operator && $op_id != $existing_operator['operatorid'];
     if ($duplicate_email) {
         $errors[] = getlocal('Please choose another email because an operator with that email is already registered in the system.');
     }
     if (count($errors) != 0) {
         $request->attributes->set('errors', $errors);
         // The form should be rebuild. Invoke appropriate action.
         return $this->showFormAction($request);
     }
     if (!$op_id) {
         // Create new operator and redirect the current operator to avatar
         // page.
         $new_operator = create_operator($login, $email, $password, $local_name, $common_name, '', $code);
         $redirect_to = $this->generateUrl('operator_avatar', array('operator_id' => $new_operator['operatorid']));
         return $this->redirect($redirect_to);
     }
     // Mix old operator's fields with updated values
     $target_operator = array('vcemail' => $email, 'vclocalename' => $local_name, 'vccommonname' => $common_name, 'code' => $code) + operator_by_id($op_id);
     // Set the password only if it's not an empty string.
     if ($password !== '') {
         $target_operator['vcpassword'] = calculate_password_hash($target_operator['vclogin'], $password);
     }
     // Update operator's fields in the database.
     update_operator($target_operator);
     // Operator's data are cached in the authentication manager, thus we need
     // to manually update them.
     if ($target_operator['operatorid'] == $operator['operatorid']) {
         // Check if the admin has set his password for the first time.
         $to_dashboard = check_password_hash($operator['vclogin'], '', $operator['vcpassword']) && $password != '';
         // Update operator's fields.
         $this->getAuthenticationManager()->setOperator($target_operator);
         // Redirect the admin to the home page if needed.
         if ($to_dashboard) {
             return $this->redirect($this->generateUrl('home_operator'));
         }
     }
     // Redirect the operator to edit page again to use GET method instead of
     // POST.
     $redirect_to = $this->generateUrl('operator_edit', array('operator_id' => $op_id, 'stored' => true));
     return $this->redirect($redirect_to);
 }
 /**
  * Resets operators password and provides an ability to set the new one.
  *
  * @param Request $request
  * @return string Rendered page content
  */
 public function resetAction(Request $request)
 {
     $page = array('version' => MIBEW_VERSION, 'showform' => true, 'title' => getlocal('Change your password'), 'headertitle' => getlocal('Mibew Messenger'), 'show_small_login' => true, 'fixedwrap' => true, 'errors' => array());
     if ($request->isMethod('POST')) {
         // When HTTP GET method is used the form is just rendered but the
         // user does not pass any data. Thus we need to prevent CSRF attacks
         // only for POST requests
         csrf_check_token($request);
     }
     // Make sure user id is specified and its format is correct.
     $op_id = $request->isMethod('GET') ? $request->query->get('id') : $request->request->get('id');
     if (!preg_match("/^\\d{1,9}\$/", $op_id)) {
         throw new BadRequestException();
     }
     // Make sure token is specified and its format is correct.
     $token = $request->isMethod('GET') ? $request->query->get('token') : $request->request->get('token');
     if (!preg_match("/^[\\dabcdef]+\$/", $token)) {
         throw new BadRequestException();
     }
     $operator = operator_by_id($op_id);
     if (!$operator) {
         $page['errors'][] = 'No such operator';
         $page['showform'] = false;
     } elseif ($token != $operator['vcrestoretoken']) {
         $page['errors'][] = 'Wrong token';
         $page['showform'] = false;
     }
     if (count($page['errors']) == 0 && $request->isMethod('POST') && $request->request->has('password')) {
         $password = $request->request->get('password');
         $password_confirm = $request->request->get('passwordConfirm');
         if (!$password) {
             $page['errors'][] = no_field('Password');
         }
         if ($password != $password_confirm) {
             $page['errors'][] = getlocal('Entered passwords do not match');
         }
         if (count($page['errors']) == 0) {
             $page['isdone'] = true;
             // Update the operator
             $operator['vcrestoretoken'] = '';
             $operator['vcpassword'] = calculate_password_hash($operator['vclogin'], $password);
             update_operator($operator);
             $page['loginname'] = $operator['vclogin'];
             return $this->render('password_recovery_reset', $page);
         }
     }
     $page['id'] = $op_id;
     $page['token'] = $token;
     $page['isdone'] = false;
     return $this->render('password_recovery_reset', $page);
 }
 /**
  * Enables an operator.
  *
  * @param Request $request Incoming request.
  * @return string Rendered page content.
  * @throws NotFoundException If the operator with specified ID is not found
  *   in the system.
  */
 public function enableAction(Request $request)
 {
     csrf_check_token($request);
     $operator_id = $request->attributes->getInt('operator_id');
     if (!operator_by_id($operator_id)) {
         throw new NotFoundException('The operator is not found.');
     }
     enable_operator($operator_id);
     // Redirect the current operator to the page with operators list
     return $this->redirect($this->generateUrl('operators'));
 }
Example #15
0
 /**
  * Provides a gateway for widget requests.
  *
  * Triggers {@link \Mibew\EventDispatcher\Events::VISITOR_TRACK} event.
  *
  * @param Request $request
  * @return string Rendered page content
  */
 public function indexAction(Request $request)
 {
     $operator = array();
     $response_data = array('load' => array(), 'handlers' => array(), 'dependencies' => array(), 'data' => array());
     $tracking_allowed = Settings::get('enabletracking') == '1' && (Settings::get('trackoperators') == '1' || !$this->getOperator());
     if ($tracking_allowed) {
         $entry = $request->query->get('entry', '');
         $referer = $request->server->get('HTTP_REFERER', '');
         $user_id = $request->query->get('user_id', false);
         // Check if session was started
         if (isset($_SESSION[SESSION_PREFIX . 'visitorid']) && preg_match('/^[0-9]+$/', $_SESSION[SESSION_PREFIX . 'visitorid'])) {
             // Session was started. Just track the visitor.
             $visitor_id = track_visitor($_SESSION[SESSION_PREFIX . 'visitorid'], $entry, $referer);
             $visitor = track_get_visitor_by_id($visitor_id);
         } else {
             $visitor = track_get_visitor_by_user_id($user_id);
             if ($visitor !== false) {
                 // Session is not started but the visitor exists in
                 // database. Probably third-party cookies are disabled by
                 // the browser. Use tracking by local cookie at target site.
                 $visitor_id = track_visitor($visitor['visitorid'], $entry, $referer);
             } else {
                 // Start tracking session
                 $visitor_id = track_visitor_start($entry, $referer);
                 $visitor = track_get_visitor_by_id($visitor_id);
             }
         }
         if ($visitor_id) {
             $_SESSION[SESSION_PREFIX . 'visitorid'] = $visitor_id;
         }
         if ($user_id === false) {
             // Update local cookie value at target site
             $response_data['handlers'][] = 'updateUserId';
             $response_data['dependencies']['updateUserId'] = array();
             $response_data['data']['user']['id'] = $visitor['userid'];
         }
         // Provide an ability for others to make something on visitor
         // tracking
         $event_arguments = array('visitor' => $visitor);
         EventDispatcher::getInstance()->triggerEvent(Events::VISITOR_TRACK, $event_arguments);
         // Get invitation state
         $invitation_state = invitation_state($visitor_id);
         // Check if invitation is closed
         if (!$invitation_state['invited'] && !empty($_SESSION[SESSION_PREFIX . 'invitation_threadid'])) {
             $response_data['handlers'][] = 'invitationClose';
             $response_data['dependencies']['invitationClose'] = array();
             unset($_SESSION[SESSION_PREFIX . 'invitation_threadid']);
         }
         // Check if the visitor is just invited to chat
         $is_invited = $invitation_state['invited'] && (empty($_SESSION[SESSION_PREFIX . 'invitation_threadid']) ? true : $_SESSION[SESSION_PREFIX . 'invitation_threadid'] != $invitation_state['threadid']);
         if ($is_invited) {
             // Load invitation thread
             $thread = Thread::load($invitation_state['threadid']);
             // Get operator info
             $operator = operator_by_id($thread->agentId);
             $locale = $request->query->get('locale', '');
             $operator_name = $locale == get_home_locale() ? $operator['vclocalename'] : $operator['vccommonname'];
             $avatar_url = $operator['vcavatar'] ? $this->asset($operator['vcavatar'], AssetUrlGeneratorInterface::ABSOLUTE_URL) : false;
             // Show invitation dialog at widget side
             $response_data['handlers'][] = 'invitationCreate';
             $response_data['dependencies']['invitationCreate'] = array();
             $response_data['data']['invitation'] = array('operatorName' => htmlspecialchars($operator_name), 'avatarUrl' => htmlspecialchars($avatar_url), 'threadUrl' => $this->generateUrl('chat_user_invitation', array(), UrlGeneratorInterface::ABSOLUTE_URL), 'acceptCaption' => getlocal('Answer'));
             $_SESSION[SESSION_PREFIX . 'invitation_threadid'] = $thread->id;
         }
         // Check if the visitor rejects invitation
         if ($invitation_state['invited'] && $request->query->get('invitation_rejected')) {
             invitation_reject($visitor_id);
         }
         $event_arguments = array('visitor' => $visitor, 'request' => $request, 'response' => $response_data, 'route_url_generator' => $this->getRouter(), 'asset_url_generator' => $this->getAssetManager()->getUrlGenerator());
         EventDispatcher::getInstance()->triggerEvent(Events::WIDGET_RESPONSE_ALTER, $event_arguments);
         $response_data = $event_arguments['response'];
     }
     // Builds JSONP response
     $response = new JsonResponse($response_data);
     $response->setCallback("Mibew.Objects.widget.onResponse");
     // Add headers to overcome third-party cookies problem.
     $response->headers->set('P3P', 'CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"');
     return $response;
 }