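	/**
	* Process
	* Works out what's going on.
	* The API does the loading, saving, updating - this page just displays the right form(s), checks password validation and so on.
	* After that, it'll print a success/failure message depending on what happened.
	* Every action is gated by HasAccess('users', action); 'generatetoken' is checked against the
	* 'manage' permission because it is a helper of the manage screen.
	* When a user saves their own account, 'status' and 'editownsettings' are kept at their stored
	* values so a user cannot lock or unlock themselves through the form.
	*
	* Review notes:
	* - The XML API token is derived from CSPRNG output in addition to the form fields, client IP and
	*   clock; those three on their own are guessable, so the old sha1(form + IP + time) was predictable.
	* - UserID and groupid are cast to int before being handed to the APIs (the 'edit' action already did this).
	* - 'admintype', 'xmlapi' and 'xmltoken' are still taken from the form on self-edit; whether a
	*   non-admin can reach 'save' at all depends on HasAccess('users', 'save'), which is not visible here.
	* - It is not visible whether DenyAccess() terminates the request, so control returns after it.
	* - The self-delete protection mentioned above is not in this method; presumably it lives in DeleteUsers().
	*
	* @see PrintHeader
	* @see ParseTemplate
	* @see IEM::getDatabase()
	* @see GetUser
	* @see GetLang
	* @see User_API::Set
	* @see PrintEditForm
	* @see CheckUserSystem
	* @see PrintManageUsers
	* @see User_API::Find
	* @see User_API::Admin
	* @see PrintFooter
	*
	* @return Void Doesn't return anything, passes control over to the relevant function and prints that functions return message.
	*/
	function Process()
	{
		$action = (isset($_GET['Action']) && is_string($_GET['Action'])) ? strtolower($_GET['Action']) : '';

		if (!in_array($action, $this->PopupWindows, true)) {
			$this->PrintHeader();
		}

		$thisuser = IEM::getCurrentUser();

		// Token generation is a helper of the 'manage' screen and shares its permission.
		$checkaction = ($action === 'generatetoken') ? 'manage' : $action;

		if (!$thisuser->HasAccess('users', $checkaction)) {
			$this->DenyAccess();
			// DenyAccess() is expected to end the request. Return anyway so an implementation that
			// only prints a message cannot fall through into the action switch.
			return;
		}

		if ($action === 'processpaging') {
			if (isset($_GET['PerPageDisplay'])) {
				$this->SetPerPage($_GET['PerPageDisplay']);
			}
			$action = '';
		}

		switch ($action) {
			case 'generatetoken':
				// All three fields must be present; the response is a bare token read by the manage page.
				foreach (array('username', 'fullname', 'emailaddress') as $field) {
					if (!isset($_POST[$field])) {
						exit;
					}
				}

				// The posted fields, client IP and clock are all guessable, so mix in CSPRNG output.
				// The result is still a 40-character sha1 hex string, as before.
				if (function_exists('random_bytes')) {
					$entropy = random_bytes(32);
				} elseif (function_exists('openssl_random_pseudo_bytes')) {
					$entropy = openssl_random_pseudo_bytes(32);
				} else {
					$entropy = uniqid(mt_rand(), true);
				}

				$seed = $_POST['username'] . $_POST['fullname'] . $_POST['emailaddress']
					. GetRealIp(true) . time() . microtime() . $entropy;

				echo htmlspecialchars(sha1($seed), ENT_QUOTES, SENDSTUDIO_CHARSET);
				exit;

			case 'save':
				// Cast to int like the 'edit' action does; the API only ever receives a numeric id.
				$userid = IEM::requestGetGET('UserID', 0, 'intval');

				if (empty($_POST)) {
					$GLOBALS['Error']   = GetLang('UserNotUpdated');
					$GLOBALS['Message'] = $this->ParseTemplate('ErrorMsg', true, false);

					$this->PrintEditForm($userid);

					break;
				}

				$user     = GetUser($userid);
				$username = isset($_POST['username']) ? $_POST['username'] : false;

				$userfound          = $user->Find($username);
				$error              = false;
				$warnings           = array();
				$GLOBALS['Message'] = '';

				// Find() may return the id of another user that already has this username.
				$duplicate_username = ($userfound && $userfound != $userid);

				if ($duplicate_username) {
					$error = GetLang('UserAlreadyExists');
				} else {
					// Deactivating or demoting: make sure this is not the last active user / last system admin.
					$to_check = array();

					foreach (array('status' => 'isLastActiveUser', 'admintype' => 'isLastSystemAdmin') as $area => $desc) {
						if (!isset($_POST[$area]) || $_POST[$area] == '0') {
							$to_check[] = $desc;
						}
					}

					if ($user->isAdmin()) {
						$to_check[] = 'isLastSystemAdmin';
					}

					$error = $this->CheckUserSystem($userid, $to_check);

					if (!$error) {
						// Only 0 (built-in) or 1 (custom SMTP) are meaningful.
						$smtptype = (isset($_POST['smtptype']) && $_POST['smtptype'] == 1) ? 1 : 0;

						/**
						 * Maps HTML form field names => User API field names. The form names stay the same
						 * across the application; only the few SMTP fields differ from the API names.
						 */
						$areaMapping = array(
							'trialuser'                    => 'trialuser',
							'groupid'                      => 'groupid',
							'username'                     => 'username',
							'fullname'                     => 'fullname',
							'emailaddress'                 => 'emailaddress',
							'status'                       => 'status',
							'admintype'                    => 'admintype',
							'listadmintype'                => 'listadmintype',
							'segmentadmintype'             => 'segmentadmintype',
							'templateadmintype'            => 'templateadmintype',
							'editownsettings'              => 'editownsettings',
							'usertimezone'                 => 'usertimezone',
							'textfooter'                   => 'textfooter',
							'htmlfooter'                   => 'htmlfooter',
							'infotips'                     => 'infotips',
							'smtp_server'                  => 'smtpserver',
							'smtp_u'                       => 'smtpusername',
							'smtp_p'                       => 'smtppassword',
							'smtp_port'                    => 'smtpport',
							'usewysiwyg'                   => 'usewysiwyg',
							'usexhtml'                     => 'usexhtml',
							'enableactivitylog'            => 'enableactivitylog',
							'xmlapi'                       => 'xmlapi',
							'xmltoken'                     => 'xmltoken',
							'googlecalendarusername'       => 'googlecalendarusername',
							'googlecalendarpassword'       => 'googlecalendarpassword',
							'user_language'                => 'user_language',
							'adminnotify_email'            => 'adminnotify_email',
							'adminnotify_send_flag'        => 'adminnotify_send_flag',
							'adminnotify_send_threshold'   => 'adminnotify_send_threshold',
							'adminnotify_send_emailtext'   => 'adminnotify_send_emailtext',
							'adminnotify_import_flag'      => 'adminnotify_import_flag',
							'adminnotify_import_threshold' => 'adminnotify_import_threshold',
							'adminnotify_import_emailtext' => 'adminnotify_import_emailtext'
						);

						// set fields
						foreach ($areaMapping as $p => $area) {
							$val = isset($_POST[$p]) ? $_POST[$p] : '';

							if ($area === 'groupid') {
								// 'create' stores an int here as well; keep the two paths consistent.
								$val = (int) $val;
							}

							// A user editing their own account keeps their stored status and
							// 'editownsettings' flag, whatever the form says.
							if (($area === 'status' || $area === 'editownsettings') && $userid == $thisuser->userid) {
								$val = $thisuser->$area;
							}

							$user->Set($area, $val);
						}

						$user->Set('eventactivitytype', $this->ReadEventActivityTypesFromPost());

						$this->ApplySendLimitsFromPost($user);

						$hourlyWarning = $this->HourlyRateWarning($user);
						if ($hourlyWarning !== null) {
							$warnings[] = $hourlyWarning;
						}

						if ($smtptype == 0) {
							$user->Set('smtpserver', '');
							$user->Set('smtpusername', '');
							$user->Set('smtppassword', '');
							$user->Set('smtpport', 25);
						}

						$error = $this->ApplyPasswordFromPost($user);
					}

					if (!$error) {
						// The permission set is replaced wholesale with what was posted.
						$user->RevokeAccess();
						$this->GrantPostedPermissions($user);
					}
				}

				if (!$error) {
					$result = $user->Save();

					if ($result) {
						FlashMessage(GetLang('UserUpdated'), SS_FLASH_MSG_SUCCESS, IEM::urlFor('Users'));
					} else {
						$GLOBALS['Message']  = GetFlashMessages();
						$GLOBALS['Error']    = GetLang('UserNotUpdated');
						$GLOBALS['Message'] .= $this->ParseTemplate('ErrorMsg', true, false);
					}
				} else {
					$GLOBALS['Error']   = $error;
					$GLOBALS['Message'] = $this->ParseTemplate('ErrorMsg', true, false);
				}

				if (!empty($warnings)) {
					$GLOBALS['Warning']  = implode('<br/>', $warnings);
					$GLOBALS['Message'] .= $this->ParseTemplate('WarningMsg', true, false);
				}

				$this->PrintEditForm($userid);
			break;

			case 'add':
				// No licence headroom for either kind of user: show the list instead of the form.
				$available = get_available_user_count();
				if ($available['normal'] == 0 && $available['trial'] == 0) {
					$this->PrintManageUsers();
					break;
				}

				$this->PrintEditForm(0);
			break;

			case 'delete':
				// Every posted id goes through intval; deleteData is only honoured when it is exactly 1.
				$users      = IEM::requestGetPOST('users', array(), 'intval');
				$deleteData = (IEM::requestGetPOST('deleteData', 0, 'intval') == 1);

				$this->DeleteUsers($users, $deleteData);
			break;

			case 'create':
				$user     = new User_API();
				$warnings = array();
				$fields   = array(
					'trialuser', 'username', 'fullname', 'emailaddress',
					'status', 'admintype', 'editownsettings',
					'listadmintype', 'segmentadmintype', 'usertimezone',
					'textfooter', 'htmlfooter', 'templateadmintype',
					'infotips', 'smtpserver',
					'smtpusername', 'smtpport', 'usewysiwyg',
					'enableactivitylog', 'xmlapi', 'xmltoken',
					'googlecalendarusername','googlecalendarpassword',
					'adminnotify_email','adminnotify_send_flag','adminnotify_send_threshold',
					'adminnotify_send_emailtext','adminnotify_import_flag','adminnotify_import_threshold',
					'adminnotify_import_emailtext'
				);

				$username = isset($_POST['username']) ? $_POST['username'] : '';

				if ($user->Find($username)) {
					$GLOBALS['Error'] = GetLang('UserAlreadyExists');
				} else {
					foreach ($fields as $area) {
						$user->Set($area, isset($_POST[$area]) ? $_POST[$area] : '');
					}

					$user->Set('eventactivitytype', $this->ReadEventActivityTypesFromPost());

					$this->ApplySendLimitsFromPost($user);

					$hourlyWarning = $this->HourlyRateWarning($user);
					if ($hourlyWarning !== null) {
						$warnings[] = $hourlyWarning;
					}

					// this has a different post value otherwise firefox tries to pre-fill it.
					$user->Set('smtppassword', isset($_POST['smtp_p']) ? $_POST['smtp_p'] : '');

					$error = $this->ApplyPasswordFromPost($user);

					if ($error) {
						$GLOBALS['Error'] = $error;
					} else {
						$this->GrantPostedPermissions($user);

						if (!empty($_POST['lists'])) {
							$user->GrantListAccess($_POST['lists']);
						}

						if (!empty($_POST['templates'])) {
							$user->GrantTemplateAccess($_POST['templates']);
						}

						if (!empty($_POST['segments'])) {
							$user->GrantSegmentAccess($_POST['segments']);
						}

						$GLOBALS['Message'] = '';

						if (!empty($warnings)) {
							$GLOBALS['Warning']  = implode('<br/>', $warnings);
							$GLOBALS['Message'] .= $this->ParseTemplate('WarningMsg', true, false);
						}

						$user->Set('gettingstarted', 0);
						$user->Set('groupid', (int) IEM_Request::getParam('groupid'));

						$result = $user->Create();

						// -1 is the "licence limit reached" result.
						if ($result == '-1') {
							FlashMessage(GetLang('UserNotCreated_License'), SS_FLASH_MSG_ERROR, IEM::urlFor('Users'));
							break;
						}

						if ($result) {
							FlashMessage(GetLang('UserCreated'), SS_FLASH_MSG_SUCCESS, IEM::urlFor('Users'));
							break;
						}

						FlashMessage(GetLang('UserNotCreated'), SS_FLASH_MSG_ERROR, IEM::urlFor('Users'));
					}
				}

				// Creation did not go through: redisplay the form with what was posted.
				$GLOBALS['Message'] = $this->ParseTemplate('ErrorMsg', true, false);

				$details = array();

				foreach (array('FullName', 'EmailAddress', 'Status', 'AdminType', 'ListAdminType', 'SegmentAdminType', 'TemplateAdminType', 'InfoTips', 'forcedoubleoptin', 'forcespamcheck', 'smtpserver', 'smtpusername', 'smtpport') as $area) {
					$lower          = strtolower($area);
					$details[$area] = isset($_POST[$lower]) ? $_POST[$lower] : '';
				}

				$this->PrintEditForm(0, $details);
			break;

			case 'edit':
				$userid = IEM::requestGetGET('UserID', 0, 'intval');

				if ($userid == 0) {
					$this->DenyAccess();
					// Fail closed should DenyAccess() return instead of exiting.
					break;
				}

				$this->PrintEditForm($userid);
			break;

			case 'sendpreviewdisplay':
				$this->PrintHeader(true);
				$this->SendTestPreviewDisplay('index.php?Page=Users&Action=SendPreview', 'self.parent.getSMTPPreviewParameters()');
				$this->PrintFooter(true);
			break;

			case 'testgooglecalendar':
				$status = array(
					'status'  => false,
					'message' => ''
				);

				try {
					// NOTE(review): read from $_REQUEST, so the credentials are also accepted on the query
					// string. The calling script is not visible here, so the source is left unchanged.
					$details = array(
						'username' => isset($_REQUEST['gcusername']) ? $_REQUEST['gcusername'] : '',
						'password' => isset($_REQUEST['gcpassword']) ? $_REQUEST['gcpassword'] : ''
					);

					$this->GoogleCalendarAdd($details, true);

					$status['status']  = true;
					$status['message'] = GetLang('GooglecalendarTestSuccess');
				} catch (Exception $e) {
					// The exception text is not echoed back; only the generic failure message is returned.
					$status['message'] = GetLang('GooglecalendarTestFailure');
				}

				print GetJSON($status);
			break;

			case 'sendpreview':
				$this->SendTestPreview();
			break;

			default:
				$this->PrintManageUsers();
			break;
		}

		if (!in_array($action, $this->PopupWindows, true)) {
			$this->PrintFooter();
		}
	}

	/**
	 * Reads the 'eventactivitytype' textarea from the form: one entry per line, each trimmed.
	 * Empty input yields an empty array. Shared by the 'save' and 'create' actions.
	 *
	 * @return array
	 */
	protected function ReadEventActivityTypesFromPost()
	{
		$raw = IEM::requestGetPOST('eventactivitytype', '', 'trim');

		if (empty($raw)) {
			return array();
		}

		return array_map('trim', explode("\n", $raw));
	}

	/**
	 * Applies the permonth / perhour / maxlists limits from the form to $user.
	 * A checked 'limit<name>' box means "unlimited" and is stored as 0; otherwise the posted
	 * number is stored. Values are cast to int so a non-numeric string cannot reach the API.
	 *
	 * @param object $user User object exposing Set()
	 * @return void
	 */
	protected function ApplySendLimitsFromPost($user)
	{
		foreach (array('permonth', 'perhour', 'maxlists') as $area) {
			$val = 0;

			if (!isset($_POST['limit' . $area])) {
				$val = isset($_POST[$area]) ? (int) $_POST[$area] : 0;
			}

			$user->Set($area, $val);
		}
	}

	/**
	 * Builds the "over the system hourly rate" warning for $user.
	 * A per-hour limit of 0 means unlimited and is also reported when a system maximum is configured.
	 *
	 * @param object $user User object exposing Get()
	 * @return string|null Warning text, or null when no warning applies
	 */
	protected function HourlyRateWarning($user)
	{
		if (SENDSTUDIO_MAXHOURLYRATE <= 0) {
			return null;
		}

		$perhour = $user->Get('perhour');

		if ($perhour != 0 && $perhour <= SENDSTUDIO_MAXHOURLYRATE) {
			return null;
		}

		$user_hourly = ($perhour == 0)
			? GetLang('UserPerHour_Unlimited')
			: $this->FormatNumber($perhour);

		return sprintf(GetLang('UserPerHourOverMaxHourlyRate'), $this->FormatNumber(SENDSTUDIO_MAXHOURLYRATE), $user_hourly);
	}

	/**
	 * Applies a new password from the form (ss_p / ss_p_confirm) when one was entered.
	 * Only string values are accepted; anything else is treated as "not entered".
	 *
	 * @param object $user User object exposing Set()
	 * @return string|false The PasswordsDontMatch error text, or false when nothing was entered or the password was set
	 */
	protected function ApplyPasswordFromPost($user)
	{
		$password = (isset($_POST['ss_p']) && is_string($_POST['ss_p'])) ? $_POST['ss_p'] : '';
		$confirm  = (isset($_POST['ss_p_confirm']) && is_string($_POST['ss_p_confirm'])) ? $_POST['ss_p_confirm'] : '';

		if ($password === '') {
			return false;
		}

		// Strict comparison: '==' would treat numeric-looking strings such as '1e3' and '1000' as equal.
		if ($confirm === '' || $confirm !== $password) {
			return GetLang('PasswordsDontMatch');
		}

		$user->Set('password', $password);

		return false;
	}

	/**
	 * Grants every area/subarea pair posted as permissions[area][subarea].
	 * Entries whose value is not an array are skipped instead of raising a warning.
	 *
	 * @param object $user User object exposing GrantAccess()
	 * @return void
	 */
	protected function GrantPostedPermissions($user)
	{
		if (empty($_POST['permissions']) || !is_array($_POST['permissions'])) {
			return;
		}

		foreach ($_POST['permissions'] as $area => $subareas) {
			if (!is_array($subareas)) {
				continue;
			}

			foreach (array_keys($subareas) as $subarea) {
				$user->GrantAccess($area, $subarea);
			}
		}
	}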
    /**
     * Lazily resolves relationship properties.
     *
     * Only 'group' is handled: on first access the user's group record is loaded through
     * API_USERGROUPS::getRecordById() using $this->groupid, cast to an object and cached on
     * $this->group. Any other name yields null.
     *
     * @param string $name The name of the variable to get.
     *
     * @return mixed;
     */
    public function __get($name) {
        if ($name !== 'group') {
            return null;
        }

        if (!isset($this->group)) {
            $record = API_USERGROUPS::getRecordById($this->groupid);
            $this->group = (object) $record;
        }

        return $this->group;
    }
 /**
  * Looks up the group record for this user's groupid.
  * Unlike __get('group'), the result is not cached on the object.
  *
  * @return record_UserGroups
  */
 public function getGroup()
 {
     $groupId = $this->groupid;

     return API_USERGROUPS::getRecordById($groupId);
 }
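 /**
  * Evaluate credit warning conditions
  *
  * Works out whether $user has reached a configured credit-warning level and, if so, sends
  * the warning email and records the level and month on the user row (and on the session
  * copy of the user when it is the current user).
  *
  * TRUE covers both "warning sent" and "nothing to do" (warnings disabled, none configured,
  * unlimited credit, no level reached). FALSE means the user could not be loaded, the group
  * has no limit_emailspermonth, the email could not be sent, or the user row update failed.
  *
  * @param record_Users|integer $user User record object or user ID
  * @return boolean Returns TRUE if successful, FALSE otherwise
  *
  * @todo fixed credits does not have warnings yet
  */
 public static function creditEvaluateWarnings($user)
 {
     $this_month = mktime(0, 0, 0, date('n'), 1, date('Y'));

     // ----- PRE
     $userobject = ($user instanceof record_Users) ? $user : self::getRecordByID($user);
     if (empty($userobject)) {
         trigger_error(__CLASS__ . '::' . __METHOD__ . ' -- User is not specified', E_USER_NOTICE);
         return false;
     }
     // -----

     // Credit warnings are not enabled
     if (!SENDSTUDIO_CREDIT_WARNINGS) {
         return true;
     }

     require_once IEM_PUBLIC_PATH . '/functions/api/settings.php';
     $tempSettingsAPI = new Settings_API();
     $warnings = $tempSettingsAPI->GetCreditWarningsSettings();
     // No warning levels configured: nothing to evaluate.
     if (empty($warnings)) {
         return true;
     }

     $credit_left = self::creditAvailableTotal($userobject);
     // unlimited credit
     if ($credit_left === true) {
         return true;
     }

     $whichlevel = self::creditWhichWarning($userobject, $credit_left, $warnings);
     // FALSE means the warning level could not be determined.
     if ($whichlevel === false) {
         return true;
     }

     $userGroup = API_USERGROUPS::getRecordById($userobject->groupid);
     if (!isset($userGroup['limit_emailspermonth'])) {
         return false;
     }
     $userobject_permonth = (int) $userGroup['limit_emailspermonth'];

     // When one of the two pools is unlimited (TRUE), report the other one as the total.
     $fixed = self::creditAvailableFixed($userobject);
     $monthly = self::creditAvailableThisMonth($userobject);
     if ($fixed === true) {
         $userobject_permonth = $monthly;
     } elseif ($monthly === true) {
         $userobject_permonth = $fixed;
     }

     if (empty($whichlevel)) {
         return true;
     }

     // ----- We found which warning it is that we want to send out
     // $credit_left is treated as a percentage in the placeholder arithmetic below.
     $tempNames = explode(' ', $userobject->fullname);
     $tempLastName = array_pop($tempNames);
     $tempFirstName = implode(' ', $tempNames);
     $placeholders = array(
         '%%user_fullname%%'             => $userobject->fullname,
         '%%user_firstname%%'            => $tempFirstName,
         '%%user_lastname%%'             => $tempLastName,
         '%%credit_total%%'              => $userobject_permonth,
         '%%credit_remains%%'            => intval($userobject_permonth * ($credit_left / 100)),
         '%%credit_remains_precentage%%' => intval($credit_left),
         '%%credit_used%%'               => intval($userobject_permonth * ((100 - $credit_left) / 100)),
         '%%credit_used_percentage%%'    => intval(100 - $credit_left)
     );
     $email_contents = str_replace(array_keys($placeholders), array_values($placeholders), $whichlevel['emailcontents']);
     $email_subject = str_replace(array_keys($placeholders), array_values($placeholders), $whichlevel['emailsubject']);

     $status = self::creditSendWarningEmail($userobject, $email_subject, $email_contents);
     if ($status['success'] != 1) {
         trigger_error(__CLASS__ . '::' . __METHOD__ . ' -- Was not able to send email: ' . serialize($status['failed']), E_USER_NOTICE);
         return false;
     }
     // -----

     // ----- Update user record
     // Query() is given a single string, so every interpolated value is normalised to a number first.
     // creditlevel comes from the warning settings; a non-numeric value is stored as 0.
     $creditLevel = is_numeric($whichlevel['creditlevel']) ? $whichlevel['creditlevel'] + 0 : 0;
     $userId = (int) $userobject->userid;
     $db = IEM::getDatabase();
     $updated = $db->Query("UPDATE [|PREFIX|]users SET credit_warning_time = {$this_month}, credit_warning_percentage = {$creditLevel} WHERE userid = {$userId}");
     if (!$updated) {
         trigger_error(__CLASS__ . '::' . __METHOD__ . ' -- Was not able to record the credit warning for user ' . $userId, E_USER_NOTICE);
         return false;
     }

     // Update user object in session
     // FIXME, we really need to make a special getter/setter for this
     $current_user = IEM::getCurrentUser();
     if ($current_user && $current_user->userid == $userobject->userid) {
         $current_user->credit_warning_time = $this_month;
         $current_user->credit_warning_percentage = $creditLevel;
     }
     // -----

     return true;
 }

 /**
  * Sends a credit warning email to $userobject as a plain-text message.
  *
  * The system SMTP settings are used unless the user has their own smtpserver, in which case
  * the user's SMTP details take precedence. The From and Bounce addresses fall back to the
  * user's own address when SENDSTUDIO_EMAIL_ADDRESS is not defined.
  *
  * @param record_Users $userobject Recipient user record
  * @param string $subject Email subject with placeholders already substituted
  * @param string $body Email text body with placeholders already substituted
  * @return array Status array as returned by Email_API::Send()
  */
 private static function creditSendWarningEmail($userobject, $subject, $body)
 {
     require_once IEM_PATH . '/ext/interspire_email/email.php';
     $emailapi = new Email_API();
     $emailapi->SetSmtp(SENDSTUDIO_SMTP_SERVER, SENDSTUDIO_SMTP_USERNAME, base64_decode(SENDSTUDIO_SMTP_PASSWORD), SENDSTUDIO_SMTP_PORT);
     if ($userobject->smtpserver) {
         $emailapi->SetSmtp($userobject->smtpserver, $userobject->smtpusername, $userobject->smtppassword, $userobject->smtpport);
     }

     $systemAddress = defined('SENDSTUDIO_EMAIL_ADDRESS') ? SENDSTUDIO_EMAIL_ADDRESS : $userobject->emailaddress;

     $emailapi->ClearRecipients();
     $emailapi->ForgetEmail();
     $emailapi->Set('forcechecks', false);
     $emailapi->AddRecipient($userobject->emailaddress, $userobject->fullname, 't');
     $emailapi->Set('FromName', false);
     $emailapi->Set('FromAddress', $systemAddress);
     $emailapi->Set('BounceAddress', $systemAddress);
     $emailapi->Set('CharSet', SENDSTUDIO_CHARSET);
     $emailapi->Set('Subject', $subject);
     $emailapi->AddBody('text', $body);

     return $emailapi->Send();
 }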