function save($id, $vars, &$errors) { $vars['username'] = Format::striptags($vars['username']); $vars['firstname'] = Format::striptags($vars['firstname']); $vars['lastname'] = Format::striptags($vars['lastname']); if ($id && $id != $vars['id']) { $errors['err'] = __('Internal Error'); } if (!$vars['firstname']) { $errors['firstname'] = __('First name required'); } if (!$vars['lastname']) { $errors['lastname'] = __('Last name required'); } $error = ''; if (!$vars['username'] || !Validator::is_username($vars['username'], $error)) { $errors['username'] = $error ? $error : __('Username is required'); } elseif (($uid = Staff::getIdByUsername($vars['username'])) && $uid != $id) { $errors['username'] = __('Username already in use'); } if (!$vars['email'] || !Validator::is_valid_email($vars['email'])) { $errors['email'] = __('Valid email is required'); } elseif (Email::getIdByEmail($vars['email'])) { $errors['email'] = __('Already in use system email'); } elseif (($uid = Staff::getIdByEmail($vars['email'])) && $uid != $id) { $errors['email'] = __('Email already in use by another agent'); } if ($vars['phone'] && !Validator::is_phone($vars['phone'])) { $errors['phone'] = __('Valid phone number is required'); } if ($vars['mobile'] && !Validator::is_phone($vars['mobile'])) { $errors['mobile'] = __('Valid phone number is required'); } if ($vars['passwd1'] || $vars['passwd2'] || !$id) { if ($vars['passwd1'] && strcmp($vars['passwd1'], $vars['passwd2'])) { $errors['passwd2'] = __('Passwords do not match'); } elseif ($vars['backend'] != 'local' || $vars['welcome_email']) { // Password can be omitted } elseif (!$vars['passwd1'] && !$id) { $errors['passwd1'] = __('Temporary password is required'); $errors['temppasswd'] = __('Required'); } elseif ($vars['passwd1'] && strlen($vars['passwd1']) < 6) { $errors['passwd1'] = __('Password must be at least 6 characters'); } } if (!$vars['dept_id']) { $errors['dept_id'] = __('Department is required'); } if (!$vars['group_id']) { $errors['group_id'] = __('Group is required'); } if (!$vars['timezone_id']) { $errors['timezone_id'] = __('Time zone selection is required'); } // Ensure we will still have an administrator with access if ($vars['isadmin'] !== '1' || $vars['isactive'] !== '1') { $sql = 'select count(*), max(staff_id) from ' . STAFF_TABLE . ' WHERE isadmin=1 and isactive=1'; if (($res = db_query($sql)) && (list($count, $sid) = db_fetch_row($res))) { if ($count == 1 && $sid == $id) { $errors['isadmin'] = __('Cowardly refusing to remove or lock out the only active administrator'); } } } if ($errors) { return false; } $sql = 'SET updated=NOW() ' . ' ,isadmin=' . db_input($vars['isadmin']) . ' ,isactive=' . db_input($vars['isactive']) . ' ,isvisible=' . db_input(isset($vars['isvisible']) ? 1 : 0) . ' ,onvacation=' . db_input(isset($vars['onvacation']) ? 1 : 0) . ' ,assigned_only=' . db_input(isset($vars['assigned_only']) ? 1 : 0) . ' ,dept_id=' . db_input($vars['dept_id']) . ' ,group_id=' . db_input($vars['group_id']) . ' ,timezone_id=' . db_input($vars['timezone_id']) . ' ,daylight_saving=' . db_input(isset($vars['daylight_saving']) ? 1 : 0) . ' ,username='******'username']) . ' ,firstname=' . db_input($vars['firstname']) . ' ,lastname=' . db_input($vars['lastname']) . ' ,email=' . db_input($vars['email']) . ' ,backend=' . db_input($vars['backend']) . ' ,phone="' . db_input(Format::phone($vars['phone']), false) . '"' . ' ,phone_ext=' . db_input($vars['phone_ext']) . ' ,mobile="' . db_input(Format::phone($vars['mobile']), false) . '"' . ' ,signature=' . db_input(Format::sanitize($vars['signature'])) . ' ,notes=' . db_input(Format::sanitize($vars['notes'])); if ($vars['passwd1']) { $sql .= ' ,passwd=' . db_input(Passwd::hash($vars['passwd1'])); if (isset($vars['change_passwd'])) { $sql .= ' ,change_passwd=1'; } } elseif (!isset($vars['change_passwd'])) { $sql .= ' ,change_passwd=0'; } if ($id) { $sql = 'UPDATE ' . STAFF_TABLE . ' ' . $sql . ' WHERE staff_id=' . db_input($id); if (db_query($sql) && db_affected_rows()) { return true; } $errors['err'] = sprintf(__('Unable to update %s.'), __('this agent')) . ' ' . __('Internal error occurred'); } else { $sql = 'INSERT INTO ' . STAFF_TABLE . ' ' . $sql . ', created=NOW()'; if (db_query($sql) && ($uid = db_insert_id())) { return $uid; } $errors['err'] = sprintf(__('Unable to create %s.'), __('this agent')) . ' ' . __('Internal error occurred'); } return false; }
function update($vars, &$errors) { global $cfg; $rtoken = $_SESSION['_client']['reset-token']; if ($vars['passwd1'] || $vars['passwd2'] || $vars['cpasswd'] || $rtoken) { if (!$vars['passwd1']) { $errors['passwd1'] = __('New password is required'); } elseif ($vars['passwd1'] && strlen($vars['passwd1']) < 6) { $errors['passwd1'] = __('Password must be at least 6 characters'); } elseif ($vars['passwd1'] && strcmp($vars['passwd1'], $vars['passwd2'])) { $errors['passwd2'] = __('Passwords do not match'); } if ($rtoken) { $_config = new Config('pwreset'); if ($_config->get($rtoken) != $this->getUserId()) { $errors['err'] = __('Invalid reset token. Logout and try again'); } elseif (!($ts = $_config->lastModified($rtoken)) && $cfg->getPwResetWindow() < time() - strtotime($ts)) { $errors['err'] = __('Invalid reset token. Logout and try again'); } } elseif ($this->get('passwd')) { if (!$vars['cpasswd']) { $errors['cpasswd'] = __('Current password is required'); } elseif (!$this->hasCurrentPassword($vars['cpasswd'])) { $errors['cpasswd'] = __('Invalid current password!'); } elseif (!strcasecmp($vars['passwd1'], $vars['cpasswd'])) { $errors['passwd1'] = __('New password MUST be different from the current password!'); } } } if (!$vars['timezone_id']) { $errors['timezone_id'] = __('Time zone selection is required'); } if ($errors) { return false; } $this->set('timezone_id', $vars['timezone_id']); $this->set('dst', isset($vars['dst']) ? 1 : 0); // Change language $this->set('lang', $vars['lang'] ?: null); $_SESSION['client:lang'] = null; TextDomain::configureForUser($this); if ($vars['backend']) { $this->set('backend', $vars['backend']); if ($vars['username']) { $this->set('username', $vars['username']); } } if ($vars['passwd1']) { $this->set('passwd', Passwd::hash($vars['passwd1'])); $info = array('password' => $vars['passwd1']); Signal::send('auth.pwchange', $this->getUser(), $info); $this->cancelResetTokens(); $this->clearStatus(UserAccountStatus::REQUIRE_PASSWD_RESET); } return $this->save(); }
function save($id, $vars, &$errors) { $vars['username'] = Format::striptags($vars['username']); $vars['firstname'] = Format::striptags($vars['firstname']); $vars['lastname'] = Format::striptags($vars['lastname']); if ($id && $id != $vars['id']) { $errors['err'] = 'Internal Error'; } if (!$vars['firstname']) { $errors['firstname'] = 'First name required'; } if (!$vars['lastname']) { $errors['lastname'] = 'Last name required'; } $error = ''; if (!$vars['username'] || !Validator::is_username($vars['username'], $error)) { $errors['username'] = $error ? $error : 'Username required'; } elseif (($uid = Staff::getIdByUsername($vars['username'])) && $uid != $id) { $errors['username'] = '******'; } if (!$vars['email'] || !Validator::is_email($vars['email'])) { $errors['email'] = 'Valid email required'; } elseif (Email::getIdByEmail($vars['email'])) { $errors['email'] = 'Already in-use system email'; } elseif (($uid = Staff::getIdByEmail($vars['email'])) && $uid != $id) { $errors['email'] = 'Email already in use by another staff member'; } if ($vars['phone'] && !Validator::is_phone($vars['phone'])) { $errors['phone'] = 'Valid number required'; } if ($vars['mobile'] && !Validator::is_phone($vars['mobile'])) { $errors['mobile'] = 'Valid number required'; } if ($vars['passwd1'] || $vars['passwd2'] || !$id) { if ($vars['passwd1'] && strcmp($vars['passwd1'], $vars['passwd2'])) { $errors['passwd2'] = 'Password(s) do not match'; } elseif ($vars['backend'] != 'local' || $vars['welcome_email']) { // Password can be omitted } elseif (!$vars['passwd1'] && !$id) { $errors['passwd1'] = 'Temp. password required'; $errors['temppasswd'] = 'Required'; } elseif ($vars['passwd1'] && strlen($vars['passwd1']) < 6) { $errors['passwd1'] = 'Must be at least 6 characters'; } } if (!$vars['dept_id']) { $errors['dept_id'] = 'Department required'; } if (!$vars['group_id']) { $errors['group_id'] = 'Group required'; } if (!$vars['timezone_id']) { $errors['timezone_id'] = 'Time zone required'; } if ($errors) { return false; } $sql = 'SET updated=NOW() ' . ' ,isadmin=' . db_input($vars['isadmin']) . ' ,isactive=' . db_input($vars['isactive']) . ' ,isvisible=' . db_input(isset($vars['isvisible']) ? 1 : 0) . ' ,onvacation=' . db_input(isset($vars['onvacation']) ? 1 : 0) . ' ,assigned_only=' . db_input(isset($vars['assigned_only']) ? 1 : 0) . ' ,dept_id=' . db_input($vars['dept_id']) . ' ,group_id=' . db_input($vars['group_id']) . ' ,timezone_id=' . db_input($vars['timezone_id']) . ' ,daylight_saving=' . db_input(isset($vars['daylight_saving']) ? 1 : 0) . ' ,username='******'username']) . ' ,firstname=' . db_input($vars['firstname']) . ' ,lastname=' . db_input($vars['lastname']) . ' ,email=' . db_input($vars['email']) . ' ,backend=' . db_input($vars['backend']) . ' ,phone="' . db_input(Format::phone($vars['phone']), false) . '"' . ' ,phone_ext=' . db_input($vars['phone_ext']) . ' ,mobile="' . db_input(Format::phone($vars['mobile']), false) . '"' . ' ,signature=' . db_input(Format::sanitize($vars['signature'])) . ' ,notes=' . db_input(Format::sanitize($vars['notes'])); if ($vars['passwd1']) { $sql .= ' ,passwd=' . db_input(Passwd::hash($vars['passwd1'])); if (isset($vars['change_passwd'])) { $sql .= ' ,change_passwd=1'; } } elseif (!isset($vars['change_passwd'])) { $sql .= ' ,change_passwd=0'; } if ($id) { $sql = 'UPDATE ' . STAFF_TABLE . ' ' . $sql . ' WHERE staff_id=' . db_input($id); if (db_query($sql) && db_affected_rows()) { return true; } $errors['err'] = 'Unable to update the user. Internal error occurred'; } else { $sql = 'INSERT INTO ' . STAFF_TABLE . ' ' . $sql . ', created=NOW()'; if (db_query($sql) && ($uid = db_insert_id())) { return $uid; } $errors['err'] = 'Unable to create user. Internal error'; } return false; }
function install($vars) { $this->errors=$f=array(); $f['name'] = array('type'=>'string', 'required'=>1, 'error'=>__('Name required')); $f['email'] = array('type'=>'email', 'required'=>1, 'error'=>__('Valid email required')); $f['fname'] = array('type'=>'string', 'required'=>1, 'error'=>__('First name required')); $f['lname'] = array('type'=>'string', 'required'=>1, 'error'=>__('Last name required')); $f['admin_email'] = array('type'=>'email', 'required'=>1, 'error'=>__('Valid email required')); $f['username'] = array('type'=>'username', 'required'=>1, 'error'=>__('Username required')); $f['passwd'] = array('type'=>'password', 'required'=>1, 'error'=>__('Password required')); $f['passwd2'] = array('type'=>'password', 'required'=>1, 'error'=>__('Confirm Password')); $f['prefix'] = array('type'=>'string', 'required'=>1, 'error'=>__('Table prefix required')); $f['dbhost'] = array('type'=>'string', 'required'=>1, 'error'=>__('Host name required')); $f['dbname'] = array('type'=>'string', 'required'=>1, 'error'=>__('Database name required')); $f['dbuser'] = array('type'=>'string', 'required'=>1, 'error'=>__('Username required')); $f['dbpass'] = array('type'=>'string', 'required'=>1, 'error'=>__('Password required')); $vars = array_map('trim', $vars); if(!Validator::process($f,$vars,$this->errors) && !$this->errors['err']) $this->errors['err']=__('Missing or invalid data - correct the errors and try again.'); //Staff's email can't be same as system emails. if($vars['admin_email'] && $vars['email'] && !strcasecmp($vars['admin_email'],$vars['email'])) $this->errors['admin_email']=__('Conflicts with system email above'); //Admin's pass confirmation. if(!$this->errors && strcasecmp($vars['passwd'],$vars['passwd2'])) $this->errors['passwd2']=__('Password(s) do not match'); //Check table prefix underscore required at the end! if($vars['prefix'] && substr($vars['prefix'], -1)!='_') $this->errors['prefix']=__('Bad prefix. Must have underscore (_) at the end. e.g \'ost_\''); //Make sure admin username is not very predictable. XXX: feels dirty but necessary if(!$this->errors['username'] && in_array(strtolower($vars['username']),array('admin','admins','username','osticket'))) $this->errors['username']=__('Bad username'); // Support port number specified in the hostname with a colon (:) list($host, $port) = explode(':', $vars['dbhost']); if ($port && is_numeric($port) && ($port < 1 || $port > 65535)) $this->errors['db'] = __('Invalid database port number'); //MYSQL: Connect to the DB and check the version & database (create database if it doesn't exist!) if(!$this->errors) { if(!db_connect($vars['dbhost'],$vars['dbuser'],$vars['dbpass'])) $this->errors['db']=sprintf(__('Unable to connect to MySQL server: %s'), db_connect_error()); elseif(explode('.', db_version()) < explode('.', $this->getMySQLVersion())) $this->errors['db']=sprintf(__('osTicket requires MySQL %s or later!'),$this->getMySQLVersion()); elseif(!db_select_database($vars['dbname']) && !db_create_database($vars['dbname'])) { $this->errors['dbname']=__("Database doesn't exist"); $this->errors['db']=__('Unable to create the database.'); } elseif(!db_select_database($vars['dbname'])) { $this->errors['dbname']=__('Unable to select the database'); } else { //Abort if we have another installation (or table) with same prefix. $sql = 'SELECT * FROM `'.$vars['prefix'].'config` LIMIT 1'; if(db_query($sql, false)) { $this->errors['err'] = __('We have a problem - another installation with same table prefix exists!'); $this->errors['prefix'] = __('Prefix already in-use'); } else { //Try changing charset and collation of the DB - no bigie if we fail. db_query('ALTER DATABASE '.$vars['dbname'].' DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci', false); } } } //bailout on errors. if($this->errors) return false; /*************** We're ready to install ************************/ define('ADMIN_EMAIL',$vars['admin_email']); //Needed to report SQL errors during install. define('TABLE_PREFIX',$vars['prefix']); //Table prefix Bootstrap::defineTables(TABLE_PREFIX); Bootstrap::loadCode(); $debug = true; // Change it to false to squelch SQL errors. //Last minute checks. if(!file_exists($this->getConfigFile()) || !($configFile=file_get_contents($this->getConfigFile()))) $this->errors['err']=__('Unable to read config file. Permission denied! (#2)'); elseif(!($fp = @fopen($this->getConfigFile(),'r+'))) $this->errors['err']=__('Unable to open config file for writing. Permission denied! (#3)'); else { $streams = DatabaseMigrater::getUpgradeStreams(INCLUDE_DIR.'upgrader/streams/'); foreach ($streams as $stream=>$signature) { $schemaFile = INC_DIR."streams/$stream/install-mysql.sql"; if (!file_exists($schemaFile) || !($fp2 = fopen($schemaFile, 'rb'))) $this->errors['err'] = sprintf( __('%s: Internal Error - please make sure your download is the latest (#1)'), $stream); elseif ( // TODO: Make the hash algo configurable in the streams // configuration ( core : md5 ) !($hash = md5(fread($fp2, filesize($schemaFile)))) || strcasecmp($signature, $hash)) $this->errors['err'] = sprintf( __('%s: Unknown or invalid schema signature (%s .. %s)'), $stream, $signature, $hash); elseif (!$this->load_sql_file($schemaFile, $vars['prefix'], true, $debug)) $this->errors['err'] = sprintf( __('%s: Error parsing SQL schema! Get help from developers (#4)'), $stream); } } if(!$this->errors) { // TODO: Use language selected from install worksheet $i18n = new Internationalization($vars['lang_id']); $i18n->loadDefaultData(); Signal::send('system.install', $this); $sql='SELECT `id` FROM '.TABLE_PREFIX.'sla ORDER BY `id` LIMIT 1'; $sla_id_1 = db_result(db_query($sql, false)); $sql='SELECT `dept_id` FROM '.TABLE_PREFIX.'department ORDER BY `dept_id` LIMIT 1'; $dept_id_1 = db_result(db_query($sql, false)); $sql='SELECT `tpl_id` FROM '.TABLE_PREFIX.'email_template_group ORDER BY `tpl_id` LIMIT 1'; $template_id_1 = db_result(db_query($sql, false)); $sql='SELECT `group_id` FROM '.TABLE_PREFIX.'groups ORDER BY `group_id` LIMIT 1'; $group_id_1 = db_result(db_query($sql, false)); $sql='SELECT `value` FROM '.TABLE_PREFIX.'config WHERE namespace=\'core\' and `key`=\'default_timezone_id\' LIMIT 1'; $default_timezone = db_result(db_query($sql, false)); //Create admin user. $sql='INSERT INTO '.TABLE_PREFIX.'staff SET created=NOW() ' .", isactive=1, isadmin=1, group_id='$group_id_1', dept_id='$dept_id_1'" .", timezone_id='$default_timezone', max_page_size=25" .', email='.db_input($vars['admin_email']) .', firstname='.db_input($vars['fname']) .', lastname='.db_input($vars['lname']) .', username='******'username']) .', passwd='.db_input(Passwd::hash($vars['passwd'])); if(!db_query($sql, false) || !($uid=db_insert_id())) $this->errors['err']=__('Unable to create admin user (#6)'); } if(!$this->errors) { //Create default emails! $email = $vars['email']; list(,$domain)=explode('@',$vars['email']); $sql='INSERT INTO '.TABLE_PREFIX.'email (`name`,`email`,`created`,`updated`) VALUES ' ." ('Support','$email',NOW(),NOW())" .",('osTicket Alerts','alerts@$domain',NOW(),NOW())" .",('','noreply@$domain',NOW(),NOW())"; $support_email_id = db_query($sql, false) ? db_insert_id() : 0; $sql='SELECT `email_id` FROM '.TABLE_PREFIX."email WHERE `email`='alerts@$domain' LIMIT 1"; $alert_email_id = db_result(db_query($sql, false)); //Create config settings---default settings! $defaults = array( 'default_email_id'=>$support_email_id, 'alert_email_id'=>$alert_email_id, 'default_dept_id'=>$dept_id_1, 'default_sla_id'=>$sla_id_1, 'default_template_id'=>$template_id_1, 'admin_email'=>$vars['admin_email'], 'schema_signature'=>$streams['core'], 'helpdesk_url'=>URL, 'helpdesk_title'=>$vars['name']); $config = new Config('core'); if (!$config->updateAll($defaults)) $this->errors['err']=__('Unable to create config settings').' (#7)'; // Set company name require_once(INCLUDE_DIR.'class.company.php'); $company = new Company(); $company->getForm()->setAnswer('name', $vars['name']); $company->getForm()->save(); foreach ($streams as $stream=>$signature) { if ($stream != 'core') { $config = new Config($stream); if (!$config->update('schema_signature', $signature)) $this->errors['err']=__('Unable to create config settings').' (#8)'; } } } if($this->errors) return false; //Abort on internal errors. //Rewrite the config file - MUST be done last to allow for installer recovery. $configFile= str_replace("define('OSTINSTALLED',FALSE);","define('OSTINSTALLED',TRUE);",$configFile); $configFile= str_replace('%ADMIN-EMAIL',$vars['admin_email'],$configFile); $configFile= str_replace('%CONFIG-DBHOST',$vars['dbhost'],$configFile); $configFile= str_replace('%CONFIG-DBNAME',$vars['dbname'],$configFile); $configFile= str_replace('%CONFIG-DBUSER',$vars['dbuser'],$configFile); $configFile= str_replace('%CONFIG-DBPASS',$vars['dbpass'],$configFile); $configFile= str_replace('%CONFIG-PREFIX',$vars['prefix'],$configFile); $configFile= str_replace('%CONFIG-SIRI',Misc::randCode(32),$configFile); if(!$fp || !ftruncate($fp,0) || !fwrite($fp,$configFile)) { $this->errors['err']=__('Unable to write to config file. Permission denied! (#5)'); return false; } @fclose($fp); /************* Make the system happy ***********************/ $sql='UPDATE '.TABLE_PREFIX."email SET dept_id=$dept_id_1"; db_query($sql, false); global $cfg; $cfg = new OsticketConfig(); //Create a ticket to make the system warm and happy. $errors = array(); $ticket_vars = $i18n->getTemplate('templates/ticket/installed.yaml') ->getData(); $ticket = Ticket::create($ticket_vars, $errors, 'api', false, false); if ($ticket && ($org = Organization::objects()->order_by('id')->one())) { $user=User::lookup($ticket->getOwnerId()); $user->setOrganization($org); } //TODO: create another personalized ticket and assign to admin?? //Log a message. $msg=__("Congratulations osTicket basic installation completed!\n\nThank you for choosing osTicket!"); $sql='INSERT INTO '.TABLE_PREFIX.'syslog SET created=NOW(), updated=NOW(), log_type="Debug" ' .', title="osTicket installed!"' .', log='.db_input($msg) .', ip_address='.db_input($_SERVER['REMOTE_ADDR']); db_query($sql, false); return true; }
function install($vars) { $this->errors = $f = array(); $f['name'] = array('type' => 'string', 'required' => 1, 'error' => 'Name required'); $f['email'] = array('type' => 'email', 'required' => 1, 'error' => 'Valid email required'); $f['fname'] = array('type' => 'string', 'required' => 1, 'error' => 'First name required'); $f['lname'] = array('type' => 'string', 'required' => 1, 'error' => 'Last name required'); $f['admin_email'] = array('type' => 'email', 'required' => 1, 'error' => 'Valid email required'); $f['username'] = array('type' => 'username', 'required' => 1, 'error' => 'Username required'); $f['passwd'] = array('type' => 'password', 'required' => 1, 'error' => 'Password required'); $f['passwd2'] = array('type' => 'string', 'required' => 1, 'error' => 'Confirm password'); $f['prefix'] = array('type' => 'string', 'required' => 1, 'error' => 'Table prefix required'); $f['dbhost'] = array('type' => 'string', 'required' => 1, 'error' => 'Hostname required'); $f['dbname'] = array('type' => 'string', 'required' => 1, 'error' => 'Database name required'); $f['dbuser'] = array('type' => 'string', 'required' => 1, 'error' => 'Username required'); $f['dbpass'] = array('type' => 'string', 'required' => 1, 'error' => 'password required'); if (!Validator::process($f, $vars, $this->errors) && !$this->errors['err']) { $this->errors['err'] = 'Missing or invalid data - correct the errors and try again.'; } //Staff's email can't be same as system emails. if ($vars['admin_email'] && $vars['email'] && !strcasecmp($vars['admin_email'], $vars['email'])) { $this->errors['admin_email'] = 'Conflicts with system email above'; } //Admin's pass confirmation. if (!$this->errors && strcasecmp($vars['passwd'], $vars['passwd2'])) { $this->errors['passwd2'] = 'passwords to not match!'; } //Check table prefix underscore required at the end! if ($vars['prefix'] && substr($vars['prefix'], -1) != '_') { $this->errors['prefix'] = 'Bad prefix. Must have underscore (_) at the end. e.g \'ost_\''; } //Make sure admin username is not very predictable. XXX: feels dirty but necessary if (!$this->errors['username'] && in_array(strtolower($vars['username']), array('admin', 'admins', 'username', 'osticket'))) { $this->errors['username'] = '******'; } // Support port number specified in the hostname with a colon (:) list($host, $port) = explode(':', $vars['dbhost']); if ($port && is_numeric($port) && ($port < 1 || $port > 65535)) { $this->errors['db'] = 'Invalid database port number'; } //MYSQL: Connect to the DB and check the version & database (create database if it doesn't exist!) if (!$this->errors) { if (!db_connect($vars['dbhost'], $vars['dbuser'], $vars['dbpass'])) { $this->errors['db'] = 'Unable to connect to MySQL server. ' . db_connect_error(); } elseif (explode('.', db_version()) < explode('.', $this->getMySQLVersion())) { $this->errors['db'] = sprintf('osTicket requires MySQL %s or better!', $this->getMySQLVersion()); } elseif (!db_select_database($vars['dbname']) && !db_create_database($vars['dbname'])) { $this->errors['dbname'] = 'Database doesn\'t exist'; $this->errors['db'] = 'Unable to create the database.'; } elseif (!db_select_database($vars['dbname'])) { $this->errors['dbname'] = 'Unable to select the database'; } else { //Abort if we have another installation (or table) with same prefix. $sql = 'SELECT * FROM `' . $vars['prefix'] . 'config` LIMIT 1'; if (db_query($sql, false)) { $this->errors['err'] = 'We have a problem - another installation with same table prefix exists!'; $this->errors['prefix'] = 'Prefix already in-use'; } else { //Try changing charset and collation of the DB - no bigie if we fail. db_query('ALTER DATABASE ' . $vars['dbname'] . ' DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci', false); } } } //bailout on errors. if ($this->errors) { return false; } /*************** We're ready to install ************************/ define('ADMIN_EMAIL', $vars['admin_email']); //Needed to report SQL errors during install. define('PREFIX', $vars['prefix']); //Table prefix $debug = true; // Change it to false to squelch SQL errors. //Last minute checks. if (!file_exists($this->getConfigFile()) || !($configFile = file_get_contents($this->getConfigFile()))) { $this->errors['err'] = 'Unable to read config file. Permission denied! (#2)'; } elseif (!($fp = @fopen($this->getConfigFile(), 'r+'))) { $this->errors['err'] = 'Unable to open config file for writing. Permission denied! (#3)'; } else { $streams = DatabaseMigrater::getUpgradeStreams(INCLUDE_DIR . 'upgrader/streams/'); foreach ($streams as $stream => $signature) { $schemaFile = INC_DIR . "streams/{$stream}/install-mysql.sql"; if (!file_exists($schemaFile) || !($fp2 = fopen($schemaFile, 'rb'))) { $this->errors['err'] = $stream . ': Internal Error - please make sure your download is the latest (#1)'; } elseif (!($hash = md5(fread($fp2, filesize($schemaFile)))) || strcasecmp($signature, $hash)) { $this->errors['err'] = $stream . ': Unknown or invalid schema signature (' . $signature . ' .. ' . $hash . ')'; } elseif (!$this->load_sql_file($schemaFile, $vars['prefix'], true, $debug)) { $this->errors['err'] = $stream . ': Error parsing SQL schema! Get help from developers (#4)'; } } } $sql = 'SELECT `id` FROM ' . PREFIX . 'sla ORDER BY `id` LIMIT 1'; $sla_id_1 = db_result(db_query($sql, false), 0); $sql = 'SELECT `dept_id` FROM ' . PREFIX . 'department ORDER BY `dept_id` LIMIT 1'; $dept_id_1 = db_result(db_query($sql, false), 0); $sql = 'SELECT `tpl_id` FROM ' . PREFIX . 'email_template_group ORDER BY `tpl_id` LIMIT 1'; $template_id_1 = db_result(db_query($sql, false), 0); $sql = 'SELECT `group_id` FROM ' . PREFIX . 'groups ORDER BY `group_id` LIMIT 1'; $group_id_1 = db_result(db_query($sql, false), 0); $sql = 'SELECT `id` FROM ' . PREFIX . 'timezone WHERE offset=-5.0 LIMIT 1'; $eastern_timezone = db_result(db_query($sql, false), 0); if (!$this->errors) { //Create admin user. $sql = 'INSERT INTO ' . PREFIX . 'staff SET created=NOW() ' . ", isactive=1, isadmin=1, group_id={$group_id_1}, dept_id={$dept_id_1}" . ", timezone_id={$eastern_timezone}, max_page_size=25" . ', email=' . db_input($vars['admin_email']) . ', firstname=' . db_input($vars['fname']) . ', lastname=' . db_input($vars['lname']) . ', username='******'username']) . ', passwd=' . db_input(Passwd::hash($vars['passwd'])); if (!db_query($sql, false) || !($uid = db_insert_id())) { $this->errors['err'] = 'Unable to create admin user (#6)'; } } if (!$this->errors) { //Create default emails! $email = $vars['email']; list(, $domain) = explode('@', $vars['email']); $sql = 'INSERT INTO ' . PREFIX . 'email (`name`,`email`,`created`,`updated`) VALUES ' . " ('Support','{$email}',NOW(),NOW())" . ",('osTicket Alerts','alerts@{$domain}',NOW(),NOW())" . ",('','noreply@{$domain}',NOW(),NOW())"; $support_email_id = db_query($sql, false) ? db_insert_id() : 0; $sql = 'SELECT `email_id` FROM ' . PREFIX . "email WHERE `email`='alerts@{$domain}' LIMIT 1"; $alert_email_id = db_result(db_query($sql, false), 0); //Create config settings---default settings! //XXX: rename ostversion helpdesk_* ?? // XXX: Some of this can go to the core install file $defaults = array('isonline' => '0', 'default_email_id' => $support_email_id, 'alert_email_id' => $alert_email_id, 'default_dept_id' => $dept_id_1, 'default_sla_id' => $sla_id_1, 'default_timezone_id' => $eastern_timezone, 'default_template_id' => $template_id_1, 'admin_email' => db_input($vars['admin_email']), 'schema_signature' => db_input($streams['core']), 'helpdesk_url' => db_input(URL), 'helpdesk_title' => db_input($vars['name'])); foreach ($defaults as $key => $value) { $sql = 'UPDATE ' . PREFIX . 'config SET updated=NOW(), value=' . $value . ' WHERE namespace="core" AND `key`=' . db_input($key); if (!db_query($sql, false)) { $this->errors['err'] = 'Unable to create config settings (#7)'; } } foreach ($streams as $stream => $signature) { if ($stream != 'core') { $sql = 'INSERT INTO ' . PREFIX . 'config (`namespace`, `key`, `value`, `updated`) ' . 'VALUES (' . db_input($stream) . ', ' . db_input('schema_signature') . ', ' . db_input($signature) . ', NOW())'; if (!db_query($sql, false)) { $this->errors['err'] = 'Unable to create config settings (#7)'; } } } } if ($this->errors) { return false; } //Abort on internal errors. //Rewrite the config file - MUST be done last to allow for installer recovery. $configFile = str_replace("define('OSTINSTALLED',FALSE);", "define('OSTINSTALLED',TRUE);", $configFile); $configFile = str_replace('%ADMIN-EMAIL', $vars['admin_email'], $configFile); $configFile = str_replace('%CONFIG-DBHOST', $vars['dbhost'], $configFile); $configFile = str_replace('%CONFIG-DBNAME', $vars['dbname'], $configFile); $configFile = str_replace('%CONFIG-DBUSER', $vars['dbuser'], $configFile); $configFile = str_replace('%CONFIG-DBPASS', $vars['dbpass'], $configFile); $configFile = str_replace('%CONFIG-PREFIX', $vars['prefix'], $configFile); $configFile = str_replace('%CONFIG-SIRI', Misc::randCode(32), $configFile); if (!$fp || !ftruncate($fp, 0) || !fwrite($fp, $configFile)) { $this->errors['err'] = 'Unable to write to config file. Permission denied! (#5)'; return false; } @fclose($fp); /************* Make the system happy ***********************/ $sql = 'UPDATE ' . PREFIX . "email SET dept_id={$dept_id_1}"; db_query($sql, false); $sql = 'UPDATE ' . PREFIX . "department SET email_id={$support_email_id}" . ", autoresp_email_id={$support_email_id}"; db_query($sql, false); //Create a ticket to make the system warm and happy. $sql = 'INSERT INTO ' . PREFIX . 'ticket SET created=NOW(), status="open", source="Web" ' . " ,priority_id=0, dept_id={$dept_id_1}, topic_id=0 " . ' ,ticketID=' . db_input(Misc::randNumber(6)) . ' ,email="*****@*****.**" ' . ' ,name="osTicket Support" ' . ' ,subject="osTicket Installed!"'; if (db_query($sql, false) && ($tid = db_insert_id())) { if (!($msg = file_get_contents(INC_DIR . 'msg/installed.txt'))) { $msg = 'Congratulations and Thank you for choosing osTicket!'; } $sql = 'INSERT INTO ' . PREFIX . 'ticket_thread SET created=NOW()' . ', source="Web" ' . ', thread_type="M" ' . ', ticket_id=' . db_input($tid) . ', title=' . db_input('osTicket Installed') . ', body=' . db_input($msg); db_query($sql, false); } //TODO: create another personalized ticket and assign to admin?? //Log a message. $msg = "Congratulations osTicket basic installation completed!\n\nThank you for choosing osTicket!"; $sql = 'INSERT INTO ' . PREFIX . 'syslog SET created=NOW(), updated=NOW(), log_type="Debug" ' . ', title="osTicket installed!"' . ', log=' . db_input($msg) . ', ip_address=' . db_input($_SERVER['REMOTE_ADDR']); db_query($sql, false); return true; }
static function register($user, $vars, &$errors) { if (!$user || !$vars) { return false; } //Require temp password. if ((!$vars['backend'] || $vars['backend'] != 'client') && !isset($vars['sendemail'])) { if (!$vars['passwd1']) { $errors['passwd1'] = 'Temporary password required'; } elseif ($vars['passwd1'] && strlen($vars['passwd1']) < 6) { $errors['passwd1'] = 'Must be at least 6 characters'; } elseif ($vars['passwd1'] && strcmp($vars['passwd1'], $vars['passwd2'])) { $errors['passwd2'] = 'Passwords do not match'; } } if ($errors) { return false; } $account = UserAccount::create(array('user_id' => $user->getId())); if (!$account) { return false; } $account->set('dst', isset($vars['dst']) ? 1 : 0); $account->set('timezone_id', $vars['timezone_id']); $account->set('backend', $vars['backend']); if ($vars['username'] && strcasecmp($vars['username'], $user->getEmail())) { $account->set('username', $vars['username']); } if ($vars['passwd1'] && !$vars['sendemail']) { $account->set('passwd', Passwd::hash($vars['passwd1'])); $account->setStatus(UserAccountStatus::CONFIRMED); if ($vars['pwreset-flag']) { $account->setStatus(UserAccountStatus::REQUIRE_PASSWD_RESET); } if ($vars['forbid-pwreset-flag']) { $account->setStatus(UserAccountStatus::FORBID_PASSWD_RESET); } } elseif ($vars['backend'] && $vars['backend'] != 'client') { // Auto confirm remote accounts $account->setStatus(UserAccountStatus::CONFIRMED); } $account->save(true); if (!$account->isConfirmed() && $vars['sendemail']) { $account->sendConfirmEmail(); } return $account; }
function install($vars) { $this->errors = $f = array(); $f['name'] = array('type' => 'string', 'required' => 1, 'error' => 'Name required'); $f['email'] = array('type' => 'email', 'required' => 1, 'error' => 'Valid email required'); $f['fname'] = array('type' => 'string', 'required' => 1, 'error' => 'First name required'); $f['lname'] = array('type' => 'string', 'required' => 1, 'error' => 'Last name required'); $f['admin_email'] = array('type' => 'email', 'required' => 1, 'error' => 'Valid email required'); $f['username'] = array('type' => 'username', 'required' => 1, 'error' => 'Username required'); $f['passwd'] = array('type' => 'password', 'required' => 1, 'error' => 'Password required'); $f['passwd2'] = array('type' => 'string', 'required' => 1, 'error' => 'Confirm password'); $f['prefix'] = array('type' => 'string', 'required' => 1, 'error' => 'Table prefix required'); $f['dbhost'] = array('type' => 'string', 'required' => 1, 'error' => 'Hostname required'); $f['dbname'] = array('type' => 'string', 'required' => 1, 'error' => 'Database name required'); $f['dbuser'] = array('type' => 'string', 'required' => 1, 'error' => 'Username required'); $f['dbpass'] = array('type' => 'string', 'required' => 1, 'error' => 'password required'); if (!Validator::process($f, $vars, $this->errors) && !$this->errors['err']) { $this->errors['err'] = 'Missing or invalid data - correct the errors and try again.'; } //Staff's email can't be same as system emails. if ($vars['admin_email'] && $vars['email'] && !strcasecmp($vars['admin_email'], $vars['email'])) { $this->errors['admin_email'] = 'Conflicts with system email above'; } //Admin's pass confirmation. if (!$this->errors && strcasecmp($vars['passwd'], $vars['passwd2'])) { $this->errors['passwd2'] = 'passwords to not match!'; } //Check table prefix underscore required at the end! if ($vars['prefix'] && substr($vars['prefix'], -1) != '_') { $this->errors['prefix'] = 'Bad prefix. Must have underscore (_) at the end. e.g \'ost_\''; } //Make sure admin username is not very predictable. XXX: feels dirty but necessary if (!$this->errors['username'] && in_array(strtolower($vars['username']), array('admin', 'admins', 'username', 'osticket'))) { $this->errors['username'] = '******'; } //MYSQL: Connect to the DB and check the version & database (create database if it doesn't exist!) if (!$this->errors) { if (!db_connect($vars['dbhost'], $vars['dbuser'], $vars['dbpass'])) { $this->errors['db'] = 'Unable to connect to MySQL server. Possibly invalid login info.'; } elseif (db_version() < $this->getMySQLVersion()) { $this->errors['db'] = sprintf('osTicket requires MySQL %s or better!', $this->getMySQLVersion()); } elseif (!db_select_database($vars['dbname']) && !db_create_database($vars['dbname'])) { $this->errors['dbname'] = 'Database doesn\'t exist'; $this->errors['db'] = 'Unable to create the database.'; } elseif (!db_select_database($vars['dbname'])) { $this->errors['dbname'] = 'Unable to select the database'; } } //bailout on errors. if ($this->errors) { return false; } /*************** We're ready to install ************************/ define('ADMIN_EMAIL', $vars['admin_email']); //Needed to report SQL errors during install. define('PREFIX', $vars['prefix']); //Table prefix $schemaFile = INC_DIR . 'sql/osTicket-mysql.sql'; //DB dump. $debug = true; //XXX:Change it to true to show SQL errors. //Last minute checks. if (!file_exists($schemaFile)) { $this->errors['err'] = 'Internal Error - please make sure your download is the latest (#1)'; } elseif (!($signature = trim(file_get_contents("{$schemaFile}.md5"))) || strcasecmp($signature, md5_file($schemaFile))) { $this->errors['err'] = 'Unknown or invalid schema signature (' . $signature . ' .. ' . md5_file($schemaFile) . ')'; } elseif (!file_exists($this->getConfigFile()) || !($configFile = file_get_contents($this->getConfigFile()))) { $this->errors['err'] = 'Unable to read config file. Permission denied! (#2)'; } elseif (!($fp = @fopen($this->getConfigFile(), 'r+'))) { $this->errors['err'] = 'Unable to open config file for writing. Permission denied! (#3)'; } elseif (!$this->load_sql_file($schemaFile, $vars['prefix'], true, $debug)) { $this->errors['err'] = 'Error parsing SQL schema! Get help from developers (#4)'; } if (!$this->errors) { //Create admin user. $sql = 'INSERT INTO ' . PREFIX . 'staff SET created=NOW() ' . ', isactive=1, isadmin=1, group_id=1, dept_id=1, timezone_id=8, max_page_size=25 ' . ', email=' . db_input($_POST['admin_email']) . ', firstname=' . db_input($vars['fname']) . ', lastname=' . db_input($vars['lname']) . ', username='******'username']) . ', passwd=' . db_input(Passwd::hash($vars['passwd'])); if (!mysql_query($sql) || !($uid = mysql_insert_id())) { $this->errors['err'] = 'Unable to create admin user (#6)'; } } if (!$this->errors) { //Create config settings---default settings! //XXX: rename ostversion helpdesk_* ?? $sql = 'INSERT INTO ' . PREFIX . 'config SET updated=NOW(), isonline=0 ' . ', default_email_id=1, alert_email_id=2, default_dept_id=1 ' . ', default_sla_id=1, default_timezone_id=8, default_template_id=1 ' . ', admin_email=' . db_input($vars['admin_email']) . ', schema_signature=' . db_input($signature) . ', helpdesk_url=' . db_input(URL) . ', helpdesk_title=' . db_input($vars['name']); if (!mysql_query($sql) || !($cid = mysql_insert_id())) { $this->errors['err'] = 'Unable to create config settings (#7)'; } } if ($this->errors) { return false; } //Abort on internal errors. //Rewrite the config file - MUST be done last to allow for installer recovery. $configFile = str_replace("define('OSTINSTALLED',FALSE);", "define('OSTINSTALLED',TRUE);", $configFile); $configFile = str_replace('%ADMIN-EMAIL', $vars['admin_email'], $configFile); $configFile = str_replace('%CONFIG-DBHOST', $vars['dbhost'], $configFile); $configFile = str_replace('%CONFIG-DBNAME', $vars['dbname'], $configFile); $configFile = str_replace('%CONFIG-DBUSER', $vars['dbuser'], $configFile); $configFile = str_replace('%CONFIG-DBPASS', $vars['dbpass'], $configFile); $configFile = str_replace('%CONFIG-PREFIX', $vars['prefix'], $configFile); $configFile = str_replace('%CONFIG-SIRI', Misc::randcode(32), $configFile); if (!$fp || !ftruncate($fp, 0) || !fwrite($fp, $configFile)) { $this->errors['err'] = 'Unable to write to config file. Permission denied! (#5)'; return false; } @fclose($fp); /************* Make the system happy ***********************/ //Create default emails! $email = $vars['email']; list(, $domain) = explode('@', $vars['email']); $sql = 'INSERT INTO ' . PREFIX . 'email (`email_id`, `dept_id`, `name`,`email`,`created`,`updated`) VALUES ' . " (1,1,'Support','{$email}',NOW(),NOW())" . ",(2,1,'osTicket Alerts','alerts@{$domain}',NOW(),NOW())" . ",(3,1,'','noreply@{$domain}',NOW(),NOW())"; @mysql_query($sql); //Create a ticket to make the system warm and happy. $sql = 'INSERT INTO ' . PREFIX . 'ticket SET created=NOW(), status="open", source="Web" ' . ' ,priority_id=2, dept_id=1, topic_id=1 ' . ' ,ticketID=' . db_input(Misc::randNumber(6)) . ' ,email="*****@*****.**" ' . ' ,name="osTicket Support" ' . ' ,subject="osTicket Installed!"'; if (mysql_query($sql) && ($tid = mysql_insert_id())) { if (!($msg = file_get_contents(INC_DIR . 'msg/installed.txt'))) { $msg = 'Congratulations and Thank you for choosing osTicket!'; } $sql = 'INSERT INTO ' . PREFIX . 'ticket_thread SET created=NOW()' . ', source="Web" ' . ', thread_type="M" ' . ', ticket_id=' . db_input($tid) . ', title=' . db_input('osTicket Installed') . ', body=' . db_input($msg); @mysql_query($sql); } //TODO: create another personalized ticket and assign to admin?? //Log a message. $msg = "Congratulations osTicket basic installation completed!\n\nThank you for choosing osTicket!"; $sql = 'INSERT INTO ' . PREFIX . 'syslog SET created=NOW(), updated=NOW(), log_type="Debug" ' . ', title="osTicket installed!"' . ', log=' . db_input($msg) . ', ip_address=' . db_input($_SERVER['REMOTE_ADDR']); @mysql_query($sql); return true; }