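 /**
  * Log in the user identified by $_REQUEST['email'] / $_REQUEST['password'].
  *
  * Side effects: $_SESSION['_AVA_logged_in'] is always (re)set; on success the
  * $_SESSION['_user_name'|'_user_email'|'_user_id'|'_language'] keys are set, a row is
  * written to the security_login audit table and the session id is rotated.
  *
  * @param bool $redirect      redirect back to the current URI (with any auto_login
  *                            parameter stripped) instead of returning; exits on success.
  * @param bool $captcha_check require the captcha when 'login_recaptcha' is enabled.
  *                            auto_login() passes false to skip it.
  * @return bool|null true on success, false when the account is disabled, null when the
  *                   captcha failed. NOTE: the invalid-credentials path also returns true
  *                   (kept for compatibility with existing callers) - callers must check
  *                   $_SESSION['_AVA_logged_in'] rather than the return value.
  */
 public static function process_login($redirect = true, $captcha_check = true)
 {
     if ($captcha_check && module_config::c('login_recaptcha', 0)) {
         if (!module_captcha::check_captcha_form()) {
             set_error('Sorry the captcha code you entered was incorrect. Please try again.');
             return;
         }
     }
     // Both keys may be missing or non-strings on a crafted request; avoid notices/TypeErrors.
     $email = isset($_REQUEST['email']) && is_string($_REQUEST['email']) ? trim($_REQUEST['email']) : '';
     $password = isset($_REQUEST['password']) && is_string($_REQUEST['password']) ? trim($_REQUEST['password']) : '';
     $_SESSION['_AVA_logged_in'] = false;
     if (strlen($email) && strlen($password)) {
         // Exact email match: the previous LIKE let '%' / '_' in the submitted address act
         // as wildcards (mysql_real_escape_string does not escape them).
         // Passwords are stored either plain or as an unsalted md5, so both forms are compared.
         // SECURITY: that storage scheme is weak (no salt, fast hash); migrating the user
         // table to password_hash()/password_verify() is the real fix and is out of scope here.
         $sql = "SELECT * FROM `" . _DB_PREFIX . "user` WHERE `email` = '" . mysql_real_escape_string($email) . "'"
             . " AND ( `password` = '" . mysql_real_escape_string($password) . "'"
             . " OR `password` = '" . mysql_real_escape_string(md5($password)) . "' )";
         $res = qa1($sql);
         if (is_array($res) && isset($res['email']) && strlen(trim($res['email'])) > 0
             && strtolower($res['email']) === strtolower($email)) {
             // A linked (child) account logs in as its parent user instead.
             if (isset($res['linked_parent_user_id']) && $res['linked_parent_user_id'] > 0) {
                 $parent_user = module_user::get_user($res['linked_parent_user_id'], false, false);
                 if ($parent_user && $res['linked_parent_user_id'] == $parent_user['user_id']) {
                     $res = $parent_user;
                 }
             }
             // user_id 1 can always log in; every other account must be enabled.
             if ((int) $res['user_id'] !== 1 && !self::can_user_login($res['user_id'])) {
                 set_error('Account disabled');
                 if ($redirect) {
                     $_SERVER['REQUEST_URI'] = preg_replace('/auto_login=[^&]*&?/', '', $_SERVER['REQUEST_URI']);
                     redirect_browser($_SERVER['REQUEST_URI']);
                 }
                 return false;
             }
             // Rotate the session id on privilege change so a session id known to a third
             // party before login (session fixation) does not become an authenticated one.
             if (function_exists('session_status') && session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
                 session_regenerate_id(true);
             }
             $_SESSION['_AVA_logged_in'] = true;
             // Audit row. user_id is cast and REMOTE_ADDR escaped: the address string comes
             // from the server environment and must not be interpolated into SQL unescaped.
             $ip_address = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
             $sql = "INSERT INTO `" . _DB_PREFIX . "security_login` SET user_id = '" . (int) $res['user_id'] . "', `time` = '" . time() . "', ip_address = '" . mysql_real_escape_string($ip_address) . "'";
             query($sql);
             $_SESSION['_user_name'] = $res['name'];
             $_SESSION['_user_email'] = $res['email'];
             $_SESSION['_user_id'] = $res['user_id'];
             $_SESSION['_language'] = $res['language'];
             set_message(_l("You have successfully logged in."));
             if ($redirect) {
                 $_SERVER['REQUEST_URI'] = preg_replace('/auto_login=[^&]*&?/', '', $_SERVER['REQUEST_URI']);
                 redirect_browser($_SERVER['REQUEST_URI']);
                 exit;
             }
             return true;
         }
     }
     // Deliberately the same message for an unknown email and a wrong password.
     set_error('Invalid username or password, please try again.');
     return true;
 }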
            echo ' ';
            echo _l('Every %s', implode(', ', $bits));
        }
        ?>
            </label>
            <?php 
    }
    ?>
        </fieldset>
    </li>
</ol>
</fieldset>
<?php 
}
?>
    <?php // Spam-prevention block: only emitted when the signup-form captcha option is enabled.
    if (module_config::c('captcha_on_signup_form', 0)): ?>
    <fieldset>
        <legend>Spam Prevention</legend>
        <?php module_captcha::display_captcha_form(); ?>
    </fieldset>
    <?php endif; ?>
    <p><input type="submit" value="Signup Now" /></p>
</div>
</form>
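    /**
     * uasort() comparator ordering plugin objects by their module_position.
     *
     * Returns -1/0/1 rather than a bool: a bool result is deprecated for comparators in
     * PHP 8 and cannot distinguish "less than" from "equal", giving an unstable order.
     *
     * @param object $a plugin with a numeric module_position property
     * @param object $b plugin with a numeric module_position property
     * @return int
     */
    function sort_plugins($a, $b)
    {
        if ($a->module_position == $b->module_position) {
            return 0;
        }
        return $a->module_position < $b->module_position ? -1 : 1;
    }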
}
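uasort($plugins, 'sort_plugins');
if (isset($_REQUEST['auto_login'])) {
    // Only a token produced by module_security::get_auto_login_string() is honoured.
    // Never map a fixed request value to the token of a specific user here: that lets
    // any unauthenticated request obtain that account's session.
    module_security::auto_login();
}
if (isset($_REQUEST['_process_reset'])) {
    // The reset form carries a captcha whenever the captcha module is loaded.
    if (class_exists('module_captcha', false) && !module_captcha::check_captcha_form()) {
        _e('Sorry the captcha code you entered was incorrect. Please <a href="%s" onclick="%s">go back</a> and try again.', '#', 'window.history.go(-1); return false;');
        exit;
    }
    module_security::process_password_reset();
}
if (isset($_REQUEST['_process_login'])) {
    // process_login() performs its own recaptcha check when 'login_recaptcha' is enabled.
    module_security::process_login();
}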
if (isset($_REQUEST['_logout'])) {
    module_security::logout();
    header("Location: index.php");
    exit;
 public function external_hook($hook)
 {
     switch ($hook) {
         case 'public_signup_form':
             $signup_form = module_template::get_template_by_key('customer_signup_form_wrapper');
             $signup_form->page_title = $signup_form->description;
             $signup_form->assign_values(array('signup_form' => self::get_customer_signup_form_html()));
             echo $signup_form->render('pretty_html');
             exit;
         case 'public_signup':
             // sign out if testing.
             if (module_security::is_logged_in()) {
                 set_message('Logged out due to signup');
                 module_security::logout();
             }
             $result = array('messages' => array());
             function customer_signup_complete($result)
             {
                 if (isset($_REQUEST['via_ajax'])) {
                     echo json_encode($result);
                 } else {
                     echo implode('<br/>', $result['messages']);
                 }
                 exit;
             }
             if (!module_config::c('customer_signup_allowed', 0)) {
                 $result['error'] = 1;
                 $result['messages'][] = 'Customer signup disabled';
                 customer_signup_complete($result);
             }
             //recaptcha on signup form.
             if (module_config::c('captcha_on_signup_form', 0)) {
                 if (!module_captcha::check_captcha_form()) {
                     $result['error'] = 1;
                     $result['messages'][] = 'Captcha fail, please go back and enter correct captcha code.';
                     customer_signup_complete($result);
                 }
             }
             $customer = isset($_POST['customer']) && is_array($_POST['customer']) ? $_POST['customer'] : array();
             $contact = isset($_POST['contact']) && is_array($_POST['contact']) ? $_POST['contact'] : array();
             $contact_extra = isset($contact['extra']) && is_array($contact['extra']) ? $contact['extra'] : array();
             $contact_group = isset($contact['group_ids']) && is_array($contact['group_ids']) ? $contact['group_ids'] : array();
             $customer_extra = isset($customer['extra']) ? $customer['extra'] : array();
             $customer_group = isset($customer['group_ids']) && is_array($customer['group_ids']) ? $customer['group_ids'] : array();
             $address = isset($_POST['address']) ? $_POST['address'] : array();
             $website = isset($_POST['website']) ? $_POST['website'] : array();
             $website_extra = isset($website['extra']) ? $website['extra'] : array();
             $website_group = isset($website['group_ids']) && is_array($website['group_ids']) ? $website['group_ids'] : array();
             $job = isset($_POST['job']) ? $_POST['job'] : array();
             $job_extra = isset($job['extra']) ? $job['extra'] : array();
             $subscription = isset($_POST['subscription']) ? $_POST['subscription'] : array();
             // sanatise possibly problematic fields:
             // customer:
             $allowed = array('name', 'last_name', 'customer_name', 'email', 'phone', 'mobile', 'extra', 'type');
             foreach ($customer as $key => $val) {
                 if (!in_array($key, $allowed)) {
                     unset($customer[$key]);
                 }
             }
             if (isset($customer['type']) && $customer['type'] != _CUSTOMER_TYPE_NORMAL && $customer['type'] != _CUSTOMER_TYPE_LEAD) {
                 unset($customer['type']);
             }
             // added multiple contact support in the form of arrays.
             $contact_fields = array('name', 'last_name', 'email', 'phone');
             if (module_config::c('customer_signup_password', 0)) {
                 $contact_fields[] = 'password';
             }
             foreach ($contact_fields as $multi_value) {
                 if (isset($contact[$multi_value])) {
                     if (!is_array($contact[$multi_value])) {
                         $contact[$multi_value] = array($contact[$multi_value]);
                     }
                 } else {
                     if (isset($customer[$multi_value])) {
                         $contact[$multi_value] = array($customer[$multi_value]);
                     } else {
                         $contact[$multi_value] = array();
                     }
                 }
             }
             $valid_contact_email = false;
             $name_fallback = false;
             $primary_email = false;
             foreach ($contact['email'] as $contact_key => $email) {
                 if (!$name_fallback && isset($contact['name'][$contact_key])) {
                     $name_fallback = $contact['name'][$contact_key];
                 }
                 $contact['email'][$contact_key] = filter_var(strtolower(trim($email)), FILTER_VALIDATE_EMAIL);
                 if ($contact['email'][$contact_key]) {
                     $valid_contact_email = true;
                     if (!$primary_email) {
                         $primary_email = $contact['email'][$contact_key];
                         // set the primary contact details here by adding them to the master customer array
                         foreach ($contact_fields as $primary_contact_field) {
                             $customer[$primary_contact_field] = isset($contact[$primary_contact_field][$contact_key]) ? $contact[$primary_contact_field][$contact_key] : '';
                             unset($contact[$primary_contact_field][$contact_key]);
                         }
                     }
                 }
             }
             // start error checking / required fields
             if (!isset($customer['customer_name']) || !strlen($customer['customer_name'])) {
                 $customer['customer_name'] = $name_fallback;
             }
             if (!strlen($customer['customer_name'])) {
                 $result['error'] = 1;
                 $result['messages'][] = "Failed, please go back and provide a customer name.";
             }
             if (!$valid_contact_email || !$primary_email) {
                 $result['error'] = 1;
                 $result['messages'][] = "Failed, please go back and provide an email address.";
             }
             // check all posted required fields.
             function check_required($postdata, $messages = array())
             {
                 if (is_array($postdata)) {
                     foreach ($postdata as $key => $val) {
                         if (strpos($key, '_required') && strlen($val)) {
                             $required_key = str_replace('_required', '', $key);
                             if (!isset($postdata[$required_key]) || !$postdata[$required_key]) {
                                 $messages[] = 'Required field missing: ' . htmlspecialchars($val);
                             }
                         }
                         if (is_array($val)) {
                             $messages = check_required($val, $messages);
                         }
                     }
                 }
                 return $messages;
             }
             $messages = check_required($_POST);
             if (count($messages)) {
                 $result['error'] = 1;
                 $result['messages'] = array_merge($result['messages'], $messages);
             }
             if (isset($result['error'])) {
                 customer_signup_complete($result);
             }
             // end error checking / required fields.
             // check if this customer already exists in the system, based on email address
             $customer_id = false;
             $creating_new = true;
             $_REQUEST['user_id'] = 0;
             if (isset($customer['email']) && strlen($customer['email']) && !module_config::c('customer_signup_always_new', 0)) {
                 $users = module_user::get_contacts(array('email' => $customer['email']));
                 foreach ($users as $user) {
                     if (isset($user['customer_id']) && (int) $user['customer_id'] > 0) {
                         // this user exists as a customer! yey!
                         // add them to this listing.
                         $customer_id = $user['customer_id'];
                         $creating_new = false;
                         $_REQUEST['user_id'] = $user['user_id'];
                         // dont let signups update existing passwords.
                         if (isset($customer['password'])) {
                             unset($customer['password']);
                         }
                         if (isset($customer['new_password'])) {
                             unset($customer['new_password']);
                         }
                     }
                 }
             }
             $_REQUEST['extra_customer_field'] = array();
             $_REQUEST['extra_user_field'] = array();
             module_extra::$config['allow_new_keys'] = false;
             module_extra::$config['delete_existing_empties'] = false;
             // save customer extra fields.
             if (count($customer_extra)) {
                 // format the address so "save_customer" handles the save for us
                 foreach ($customer_extra as $key => $val) {
                     $_REQUEST['extra_customer_field'][] = array('key' => $key, 'val' => $val);
                 }
             }
             // save customer and customer contact details:
             $customer_id = $this->save_customer($customer_id, $customer);
             if (!$customer_id) {
                 $result['error'] = 1;
                 $result['messages'][] = 'System error: failed to create customer.';
                 customer_signup_complete($result);
             }
             $customer_data = module_customer::get_customer($customer_id);
             // todo - merge primary and secondary contact/extra/group saving into a single loop
             if (!$customer_data['primary_user_id']) {
                 $result['error'] = 1;
                 $result['messages'][] = 'System error: Failed to create customer contact.';
                 customer_signup_complete($result);
             } else {
                 $role_id = module_config::c('customer_signup_role', 0);
                 if ($role_id > 0) {
                     module_user::add_user_to_role($customer_data['primary_user_id'], $role_id);
                 }
                 // save contact extra data (repeated below for additional contacts)
                 if (isset($contact_extra[0]) && count($contact_extra[0])) {
                     $_REQUEST['extra_user_field'] = array();
                     foreach ($contact_extra[0] as $key => $val) {
                         $_REQUEST['extra_user_field'][] = array('key' => $key, 'val' => $val);
                     }
                     module_extra::save_extras('user', 'user_id', $customer_data['primary_user_id']);
                 }
                 // save contact groups
                 if (isset($contact_group[0]) && count($contact_group[0])) {
                     foreach ($contact_group[0] as $group_id => $tf) {
                         if ($tf) {
                             module_group::add_to_group($group_id, $customer_data['primary_user_id'], 'user');
                         }
                     }
                 }
             }
             foreach ($contact['email'] as $contact_key => $email) {
                 // add any additional contacts to the customer.
                 $users = module_user::get_contacts(array('email' => $email, 'customer_id' => $customer_id));
                 if (count($users)) {
                     // this contact already exists for this customer, dont update/change it.
                     continue;
                 }
                 $new_contact = array('customer_id' => $customer_id);
                 foreach ($contact_fields as $primary_contact_field) {
                     $new_contact[$primary_contact_field] = isset($contact[$primary_contact_field][$contact_key]) ? $contact[$primary_contact_field][$contact_key] : '';
                 }
                 // dont let additional contacts have passwords.
                 if (isset($new_contact['password'])) {
                     unset($new_contact['password']);
                 }
                 if (isset($new_contact['new_password'])) {
                     unset($new_contact['new_password']);
                 }
                 global $plugins;
                 $contact_user_id = $plugins['user']->create_user($new_contact, 'signup');
                 if ($contact_user_id) {
                     $role_id = module_config::c('customer_signup_role', 0);
                     if ($role_id > 0) {
                         module_user::add_user_to_role($contact_user_id, $role_id);
                     }
                     // save contact extra data  (repeated below for primary contacts)
                     if (isset($contact_extra[$contact_key]) && count($contact_extra[$contact_key])) {
                         $_REQUEST['extra_user_field'] = array();
                         foreach ($contact_extra[$contact_key] as $key => $val) {
                             $_REQUEST['extra_user_field'][] = array('key' => $key, 'val' => $val);
                         }
                         module_extra::save_extras('user', 'user_id', $contact_user_id);
                     }
                     // save contact groups
                     if (isset($contact_group[$contact_key]) && count($contact_group[$contact_key])) {
                         foreach ($contact_group[$contact_key] as $group_id => $tf) {
                             if ($tf) {
                                 module_group::add_to_group($group_id, $contact_user_id, 'user');
                             }
                         }
                     }
                 }
             }
             if (count($customer_group)) {
                 // format the address so "save_customer" handles the save for us
                 foreach ($customer_group as $group_id => $tf) {
                     if ($tf) {
                         module_group::add_to_group($group_id, $customer_id, 'customer');
                     }
                 }
             }
             $note_keys = array('customer', 'website', 'job', 'address', 'subscription');
             $note_text = _l('Customer signed up from Signup Form:');
             $note_text .= "\n\n";
             foreach ($note_keys as $note_key) {
                 $note_text .= "\n" . ucwords(_l($note_key)) . "\n";
                 if (isset($_POST[$note_key]) && is_array($_POST[$note_key])) {
                     foreach ($_POST[$note_key] as $post_key => $post_val) {
                         $note_text .= "\n - " . _l($post_key) . ": ";
                         if (is_array($post_val)) {
                             foreach ($post_val as $p => $v) {
                                 $note_text .= "\n  - - " . _l($p) . ': ' . $v;
                             }
                         } else {
                             $note_text .= $post_val;
                         }
                     }
                 }
             }
             $note_data = array('note_id' => false, 'owner_id' => $customer_id, 'owner_table' => 'customer', 'note_time' => time(), 'note' => $note_text, 'rel_data' => module_customer::link_open($customer_id), 'reminder' => 0, 'user_id' => 0);
             update_insert('note_id', false, 'note', $note_data);
             // save customer address fields.
             if (count($address)) {
                 $address_db = module_address::get_address($customer_id, 'customer', 'physical');
                 $address_id = $address_db && isset($address_db['address_id']) ? (int) $address_db['address_id'] : false;
                 $address['owner_id'] = $customer_id;
                 $address['owner_table'] = 'customer';
                 $address['address_type'] = 'physical';
                 // we have post data to save, write it to the table!!
                 module_address::save_address($address_id, $address);
             }
             // website:
             $allowed = array('url', 'name', 'extra', 'notes');
             foreach ($website as $key => $val) {
                 if (!in_array($key, $allowed)) {
                     unset($website[$key]);
                 }
             }
             $website['url'] = isset($website['url']) ? strtolower(trim($website['url'])) : '';
             $website_id = 0;
             if (count($website) && class_exists('module_website', false) && module_website::is_plugin_enabled()) {
                 if (strlen($website['url'])) {
                     // see if website already exists, don't create or update existing one for now.
                     $existing_websites = module_website::get_websites(array('customer_id' => $customer_id, 'url' => $website['url']));
                     foreach ($existing_websites as $existing_website) {
                         $website_id = $existing_website['website_id'];
                     }
                 }
                 //   echo $website_id;echo $website['url']; print_r($website_extra);exit;
                 if (!$website_id) {
                     $website_data = module_website::get_website($website_id);
                     $website_data['url'] = isset($website['url']) ? $website['url'] : 'N/A';
                     $website_data['name'] = isset($website['url']) ? $website['url'] : 'N/A';
                     $website_data['customer_id'] = $customer_id;
                     $website_id = update_insert('website_id', false, 'website', $website_data);
                     // save website extra data.
                     if ($website_id && count($website_extra)) {
                         $_REQUEST['extra_website_field'] = array();
                         foreach ($website_extra as $key => $val) {
                             $_REQUEST['extra_website_field'][] = array('key' => $key, 'val' => $val);
                         }
                         module_extra::save_extras('website', 'website_id', $website_id);
                     }
                     if ($website_id && isset($website['notes']) && strlen($website['notes'])) {
                         // add notes to this website.
                         $note_data = array('note_id' => false, 'owner_id' => $website_id, 'owner_table' => 'website', 'note_time' => time(), 'note' => $website['notes'], 'rel_data' => module_website::link_open($website_id), 'reminder' => 0, 'user_id' => $customer_data['primary_user_id']);
                         $note_id = update_insert('note_id', false, 'note', $note_data);
                     }
                 }
                 if ($website_id) {
                     if (count($website_group)) {
                         // format the address so "save_customer" handles the save for us
                         foreach ($website_group as $group_id => $tf) {
                             if ($tf) {
                                 module_group::add_to_group($group_id, $website_id, 'website');
                             }
                         }
                     }
                 }
             }
             // generate jobs for this customer.
             $job_created = array();
             if ($job && isset($job['type']) && is_array($job['type'])) {
                 if (module_config::c('customer_signup_any_job_type', 0)) {
                     foreach ($job['type'] as $type_name) {
                         // we have a match in our system. create the job.
                         $job_data = module_job::get_job(false);
                         $job_data['type'] = $type_name;
                         if (!$job_data['name']) {
                             $job_data['name'] = $type_name;
                         }
                         $job_data['website_id'] = $website_id;
                         $job_data['customer_id'] = $customer_id;
                         $job_id = update_insert('job_id', false, 'job', $job_data);
                         // todo: add default tasks for this job type.
                         $job_created[] = $job_id;
                     }
                 } else {
                     foreach (module_job::get_types() as $type_id => $type) {
                         foreach ($job['type'] as $type_name) {
                             if ($type_name == $type) {
                                 // we have a match in our system. create the job.
                                 $job_data = module_job::get_job(false);
                                 $job_data['type'] = $type;
                                 if (!$job_data['name']) {
                                     $job_data['name'] = $type;
                                 }
                                 $job_data['website_id'] = $website_id;
                                 $job_data['customer_id'] = $customer_id;
                                 $job_id = update_insert('job_id', false, 'job', $job_data);
                                 // todo: add default tasks for this job type.
                                 $job_created[] = $job_id;
                             }
                         }
                     }
                 }
                 if (count($job_created) && count($job_extra)) {
                     // save job extra data.
                     foreach ($job_created as $job_created_id) {
                         if ($job_created_id && count($job_extra)) {
                             $_REQUEST['extra_job_field'] = array();
                             foreach ($job_extra as $key => $val) {
                                 $_REQUEST['extra_job_field'][] = array('key' => $key, 'val' => $val);
                             }
                             module_extra::save_extras('job', 'job_id', $job_created_id);
                         }
                     }
                 }
             }
             // save files against customer
             $uploaded_files = array();
             if (isset($_FILES['customerfiles']) && isset($_FILES['customerfiles']['tmp_name'])) {
                 foreach ($_FILES['customerfiles']['tmp_name'] as $file_id => $tmp_file) {
                     if (is_uploaded_file($tmp_file)) {
                         // save to file module for this customer
                         $file_name = basename($_FILES['customerfiles']['name'][$file_id]);
                         if (strlen($file_name)) {
                             $file_path = 'includes/plugin_file/upload/' . md5(time() . $file_name);
                             if (move_uploaded_file($tmp_file, $file_path)) {
                                 // success! write to db.
                                 $file_data = array('customer_id' => $customer_id, 'job_id' => current($job_created), 'website_id' => $website_id, 'status' => module_config::c('file_default_status', 'Uploaded'), 'pointers' => false, 'description' => "Uploaded from Customer Signup form", 'file_time' => time(), 'file_name' => $file_name, 'file_path' => $file_path, 'file_url' => false);
                                 $file_id = update_insert('file_id', false, 'file', $file_data);
                                 $uploaded_files[] = $file_id;
                             }
                         }
                     }
                 }
             }
             // we create subscriptions for this customer/website (if none already exist)
             $subscription['subscription_name'] = array();
             $subscription['subscription_invoice'] = array();
             if (class_exists('module_subscription', false) && module_subscription::is_plugin_enabled() && isset($subscription['for']) && isset($subscription['subscriptions'])) {
                 if ($subscription['for'] == 'website' && $website_id > 0) {
                     $owner_table = 'website';
                     $owner_id = $website_id;
                 } else {
                     $owner_table = 'customer';
                     $owner_id = $customer_id;
                 }
                 $available_subscriptions = module_subscription::get_subscriptions();
                 $members_subscriptions = module_subscription::get_subscriptions_by($owner_table, $owner_id);
                 foreach ($subscription['subscriptions'] as $subscription_id => $tf) {
                     if (isset($available_subscriptions[$subscription_id])) {
                         if (isset($members_subscriptions[$subscription_id])) {
                             // we don't allow a member to sign up to the same subscription twice (just yet)
                         } else {
                             $subscription['subscription_name'][$subscription_id] = $available_subscriptions[$subscription_id]['name'];
                             $start_date = date('Y-m-d');
                             $start_modifications = module_config::c('customer_signup_subscription_start', '');
                             if ($start_modifications == 'hidden') {
                                 $start_modifications = isset($_REQUEST['customer_signup_subscription_start']) ? $_REQUEST['customer_signup_subscription_start'] : '';
                             }
                             if (!empty($start_modifications)) {
                                 $start_date = date('Y-m-d', strtotime($start_modifications));
                             }
                             $sql = "INSERT INTO `" . _DB_PREFIX . "subscription_owner` SET ";
                             $sql .= " owner_id = '" . (int) $owner_id . "'";
                             $sql .= ", owner_table = '" . mysql_real_escape_string($owner_table) . "'";
                             $sql .= ", subscription_id = '" . (int) $subscription_id . "'";
                             $sql .= ", start_date = '{$start_date}'";
                             query($sql);
                             module_subscription::update_next_due_date($subscription_id, $owner_table, $owner_id, true);
                             // and the same option here to send a subscription straight away upon signup
                             if (module_config::c('subscription_send_invoice_straight_away', 0)) {
                                 global $plugins;
                                 $plugins['subscription']->run_cron();
                                 // check if there are any invoices for this subscription
                                 $history = module_subscription::get_subscription_history($subscription_id, $owner_table, $owner_id);
                                 if (count($history) > 0) {
                                     foreach ($history as $h) {
                                         if ($h['invoice_id']) {
                                             $invoice_data = module_invoice::get_invoice($h['invoice_id']);
                                             if ($invoice_data['date_cancel'] != '0000-00-00') {
                                                 continue;
                                             }
                                             $subscription['subscription_invoice'][] = '<a href="' . module_invoice::link_public($h['invoice_id']) . '">' . _l('Invoice #%s for %s', htmlspecialchars($invoice_data['name']), dollar($invoice_data['total_amount'], true, $invoice_data['currency_id'])) . '</a>';
                                         }
                                     }
                                 }
                             }
                         }
                     }
                 }
             }
             if (!count($subscription['subscription_name'])) {
                 $subscription['subscription_name'][] = _l('N/A');
             }
             if (!count($subscription['subscription_invoice'])) {
                 $subscription['subscription_invoice'][] = _l('N/A');
             }
             $subscription['subscription_name'] = implode(', ', $subscription['subscription_name']);
             $subscription['subscription_invoice'] = implode(', ', $subscription['subscription_invoice']);
             // email the admin when a customer signs up.
             $values = array_merge($customer, $customer_extra, $website, $website_extra, $address, $subscription);
             $values['customer_name'] = $customer['customer_name'];
             $values['CUSTOMER_LINK'] = module_customer::link_open($customer_id);
             $values['CUSTOMER_NAME_LINK'] = module_customer::link_open($customer_id, true);
             if ($website_id) {
                 $values['WEBSITE_LINK'] = module_website::link_open($website_id);
                 $values['WEBSITE_NAME_LINK'] = module_website::link_open($website_id, true);
             } else {
                 $values['WEBSITE_LINK'] = _l('N/A');
                 $values['WEBSITE_NAME_LINK'] = _l('N/A');
             }
             $values['JOB_LINKS'] = '';
             if (count($job_created)) {
                 $values['JOB_LINKS'] .= 'The customer created ' . count($job_created) . ' jobs in the system: <br>';
                 foreach ($job_created as $job_created_id) {
                     $values['JOB_LINKS'] .= module_job::link_open($job_created_id, true) . "<br>\n";
                 }
             } else {
                 $values['JOB_LINKS'] = _l('N/A');
             }
             if (count($uploaded_files)) {
                 $values['uploaded_files'] = 'The customer uploaded ' . count($uploaded_files) . " files:<br>\n";
                 foreach ($uploaded_files as $uploaded_file) {
                     $values['uploaded_files'] .= module_file::link_open($uploaded_file, true) . "<br>\n";
                 }
             } else {
                 $values['uploaded_files'] = 'No files were uploaded';
             }
             $values['WEBSITE_NAME'] = isset($website['url']) ? $website['url'] : 'N/A';
             if (!$creating_new) {
                 $values['system_note'] = "Note: this signup updated the existing customer record in the system.";
             } else {
                 $values['system_note'] = "Note: this signup created a new customer record in the system.";
             }
             $customer_signup_template = module_config::c('customer_signup_email_admin_template', 'customer_signup_email_admin');
             if (isset($_REQUEST['customer_signup_email_admin_template'])) {
                 $customer_signup_template = $_REQUEST['customer_signup_email_admin_template'];
             }
             if ($customer_signup_template) {
                 $template = module_template::get_template_by_key($customer_signup_template);
                 if ($template->template_id) {
                     $template->assign_values($values);
                     $html = $template->render('html');
                     $email = module_email::new_email();
                     $email->replace_values = $values;
                     $email->set_subject($template->description);
                     $email->set_to_manual(module_config::c('customer_signup_admin_email', module_config::c('admin_email_address')));
                     // do we send images inline?
                     $email->set_html($html);
                     if ($email->send()) {
                         // it worked successfully!!
                     } else {
                         /// log err?
                     }
                 }
             }
             $customer_signup_template = module_config::c('customer_signup_email_welcome_template', 'customer_signup_email_welcome');
             if (isset($_REQUEST['customer_signup_email_welcome_template'])) {
                 $customer_signup_template = $_REQUEST['customer_signup_email_welcome_template'];
             }
             if ($customer_signup_template) {
                 $template = module_template::get_template_by_key($customer_signup_template);
                 if ($template->template_id) {
                     $template->assign_values($values);
                     $html = $template->render('html');
                     $email = module_email::new_email();
                     $email->customer_id = $customer_id;
                     $email->replace_values = $values;
                     $email->set_subject($template->description);
                     $email->set_to('user', $customer_data['primary_user_id']);
                     // do we send images inline?
                     $email->set_html($html);
                     if ($email->send()) {
                         // it worked successfully!!
                     } else {
                         /// log err?
                     }
                 }
             }
             //todo: optional redirect to url
             if (isset($_REQUEST['via_ajax'])) {
                 echo json_encode(array('success' => 1, 'customer_id' => $customer_id));
                 exit;
             }
             if (module_config::c('customer_signup_redirect', '')) {
                 redirect_browser(module_config::c('customer_signup_redirect', ''));
             }
             // load up the thank you template.
             $template = module_template::get_template_by_key('customer_signup_thank_you_page');
             $template->page_title = _l("Customer Signup");
             foreach ($values as $key => $val) {
                 if (!is_array($val)) {
                     $values[$key] = htmlspecialchars($val);
                 }
             }
             $template->assign_values($values);
             echo $template->render('pretty_html');
             exit;
             break;
     }
 }
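    /**
     * Entry point for the unauthenticated ("external") ticket pages.
     *
     * Dispatches on $hook:
     *  - 'attachment':    streams a ticket attachment once the request hash matches
     *                     link_open_attachment(); always exits.
     *  - 'status':        prints a whitespace-collapsed HTML table of ticket counts
     *                     and turnaround figures; always exits.
     *  - 'public_new':    processes the public "new ticket" form (optional captcha,
     *                     user lookup/creation, save_ticket) and then includes
     *                     public/ticket_customer_new.php.
     *  - 'public_status': changes a ticket status from a hashed link and renders
     *                     the 'ticket_status_change' template; always exits.
     *  - 'public':        renders a ticket, or posts a reply to it, from a hashed link.
     *
     * Link hashes are compared with hash_equals() so the check is strict (no
     * numeric-string juggling as with ==) and constant-time. Ids read from the
     * request are cast to int before use; other request values are passed on to
     * the helpers that consume them.
     *
     * @param string $hook one of the hook names above; any other value is ignored
     * @return bool|null false when the public_new form is missing a subject or
     *                   no sender could be resolved; null otherwise (most branches exit())
     */
    public function external_hook($hook)
    {
        switch ($hook) {
            case 'attachment':
                $ticket_id = isset($_REQUEST['t']) ? (int) $_REQUEST['t'] : false;
                $ticket_message_attachment_id = isset($_REQUEST['tma']) ? (int) $_REQUEST['tma'] : false;
                $hash = isset($_REQUEST['hash']) ? trim($_REQUEST['hash']) : false;
                if ($ticket_id && $ticket_message_attachment_id && $hash) {
                    $correct_hash = $this->link_open_attachment($ticket_id, $ticket_message_attachment_id, true);
                    // strict, constant-time comparison of the expected link hash
                    if (hash_equals((string) $correct_hash, (string) $hash)) {
                        $attach = get_single('ticket_message_attachment', 'ticket_message_attachment_id', $ticket_message_attachment_id);
                        // a missing row would otherwise yield the attachments directory itself as the path
                        $attach_path = $attach ? 'includes/plugin_ticket/attachments/' . $attach['ticket_message_attachment_id'] : false;
                        if ($attach_path && is_file($attach_path)) {
                            // the stored name is not trusted: drop quotes and line breaks so it
                            // cannot break out of the quoted filename or the header line
                            $download_name = str_replace(array('"', "\r", "\n"), '', basename((string) $attach['file_name']));
                            header("Content-type: application/octet-stream");
                            header('Content-Disposition: attachment; filename="' . $download_name . '";');
                            $size = @readfile($attach_path);
                            if ($size === false) {
                                // readfile failed outright; fall back to a buffered read
                                echo file_get_contents($attach_path);
                            }
                        } else {
                            echo 'File no longer exists';
                        }
                    }
                }
                exit;
                break;
            case 'status':
                ob_start();
                ?>


                    <table class="wpetss wpetss_status">
                        <tbody>
                        <tr>
                            <th><?php 
                _e('New/Pending Tickets');
                ?>
</th>
                            <td>
                                <?php 
                $sql = "SELECT COUNT(ticket_id) AS c FROM `" . _DB_PREFIX . "ticket` WHERE status_id = 1 OR status_id = 2";
                $res = qa1($sql);
                echo $res['c'];
                ?>

                            </td>
                        </tr>
                        <tr>
                            <th><?php 
                _e('In Progress Tickets');
                ?>
</th>
                            <td>
                                <?php 
                $sql = "SELECT COUNT(ticket_id) AS c FROM `" . _DB_PREFIX . "ticket` WHERE status_id = 3 OR status_id = " . _TICKET_STATUS_IN_PROGRESS_ID;
                $res = qa1($sql);
                echo $res['c'];
                ?>

                            </td>
                        </tr>
                        <tr>
                            <th><?php 
                _e('Resolved Tickets');
                ?>
</th>
                            <td>
                                <?php 
                $sql = "SELECT COUNT(ticket_id) AS c FROM `" . _DB_PREFIX . "ticket` WHERE status_id >= " . _TICKET_STATUS_RESOLVED_ID;
                $res = qa1($sql);
                echo $res['c'];
                ?>

                            </td>
                        </tr>
                        <tr>
                            <th><?php 
                _e('Estimated Turn Around');
                ?>
</th>
                            <td>
                                <?php 
                echo _l('We will reply within %s and %s %S', module_config::c('ticket_turn_around_days_min', 2), module_config::c('ticket_turn_around_days', 5), module_config::c('ticket_turn_around_period', 'days'));
                ?>

                            </td>
                        </tr>
                        <tr>
                            <th><?php 
                _e('Current Reply Rate');
                ?>
</th>
                            <td>
                                <?php 
                $rate = module_ticket::get_reply_rate();
                echo _l('We are currently processing %s tickets every 24 hours', $rate['daily']);
                ?>

                            </td>
                        </tr>
                        </tbody>
                    </table>
                    <?php 
                // collapse the template whitespace so the snippet can be embedded on one line
                echo preg_replace('/\\s+/', ' ', ob_get_clean());
                exit;
                break;
            case 'public_new':
                $ticket_id = 'new';
                $ticket_account_id = module_config::c('ticket_default_account_id', 0);
                //todo: set from a hashed variable in GET string.
                if ($ticket_account_id) {
                    $ticket_account = self::get_ticket_account($ticket_account_id);
                } else {
                    $ticket_account_id = 0;
                    $ticket_account = array();
                }
                if (!$ticket_account || $ticket_account['ticket_account_id'] != $ticket_account_id) {
                    // dont support accounts yet. work out the default customer id etc.. from settings.
                    $ticket_account = array('ticket_account_id' => 0, 'default_customer_id' => module_config::c('ticket_default_customer_id', 1), 'default_user_id' => module_config::c('ticket_default_user_id', 1), 'default_type' => module_config::c('ticket_type_id_default', 0));
                }
                // hack to better support recaptcha errors.
                $save_public_ticket = false;
                $errors = array();
                if (isset($_REQUEST['_process']) && $_REQUEST['_process'] === 'save_public_ticket') {
                    // user is saving the ticket.
                    // process it!
                    $save_public_ticket = true;
                    if (module_config::c('ticket_recaptcha', 1)) {
                        if (!module_captcha::check_captcha_form()) {
                            // captcha was wrong.
                            $errors[] = _l('Sorry the captcha code you entered was incorrect. Please try again.');
                            if (isset($_FILES['attachment']) && isset($_FILES['attachment']['tmp_name']) && is_array($_FILES['attachment']['tmp_name'])) {
                                foreach ($_FILES['attachment']['tmp_name'] as $key => $val) {
                                    if (is_uploaded_file($val)) {
                                        $errors[] = _l('Please select your file attachments again as well.');
                                        break;
                                    }
                                }
                            }
                            $save_public_ticket = false;
                        }
                    }
                }
                if ($save_public_ticket && isset($_POST['new_ticket_message']) && strlen($_POST['new_ticket_message']) > 1) {
                    // this allows input variables to be added to our $_POST
                    // like extra fields etc.. from envato module.
                    handle_hook('ticket_create_post', $ticket_id);
                    // we're posting from a public account.
                    // check required fields.
                    if (!isset($_POST['subject']) || !trim($_POST['subject'])) {
                        return false;
                    }
                    // check this user has a valid email address, find/create a user in the ticket user table.
                    // see if this email address exists in the wp user table, and link that user there.
                    $email = isset($_POST['email']) ? trim(strtolower($_POST['email'])) : '';
                    $name = isset($_POST['name']) ? trim($_POST['name']) : '';
                    // NOTE: strpos() returning 0 (leading '@') is treated as "no email" here
                    if (strpos($email, '@')) {
                        //todo - validate email.
                        $sql = "SELECT * FROM `" . _DB_PREFIX . "user` u WHERE u.`email` LIKE '" . mysql_real_escape_string($email) . "'";
                        $from_user = qa1($sql);
                        if ($from_user) {
                            $from_user_id = $from_user['user_id'];
                            // woo!! found a user. assign this customer to the ticket.
                            if ($from_user['customer_id']) {
                                $ticket_account['default_customer_id'] = $from_user['customer_id'];
                            }
                        } else {
                            // create a user under this account customer.
                            $default_customer_id = 0;
                            if ($ticket_account && $ticket_account['default_customer_id']) {
                                $default_customer_id = $ticket_account['default_customer_id'];
                            }
                            // create a new support user! go go!
                            if (strlen($name)) {
                                $bits = explode(' ', $name);
                                $first_name = array_shift($bits);
                                $last_name = implode(' ', $bits);
                            } else {
                                $first_name = $email;
                                $last_name = '';
                            }
                            // NOTE(review): this auto-generated password is derived from time() and
                            // mt_rand(), which are not cryptographically secure; it should be replaced
                            // by a CSPRNG-backed value (and the user prompted to set their own).
                            $from_user = array('name' => $first_name, 'last_name' => $last_name, 'customer_id' => $default_customer_id, 'email' => $email, 'status_id' => 1, 'password' => substr(md5(time() . mt_rand(0, 600)), 3, 7));
                            global $plugins;
                            $from_user_id = $plugins['user']->create_user($from_user);
                            // todo: set the default role for this user
                            // based on the settings
                        }
                        if (!$from_user_id) {
                            echo 'Failed - cannot find the from user id';
                            echo $email . ' to support<hr>';
                            return;
                        }
                        // what type of ticket is this?
                        // only a type that is flagged public may be chosen from the form
                        $public_types = $this->get_types(true);
                        $ticket_type_id = $ticket_account['default_type'];
                        if (isset($_POST['ticket_type_id']) && isset($public_types[$_POST['ticket_type_id']])) {
                            $ticket_type_id = $_POST['ticket_type_id'];
                        }
                        $ticket_data = array('user_id' => $from_user_id, 'force_logged_in_user_id' => $from_user_id, 'assigned_user_id' => $ticket_account['default_user_id'] ? $ticket_account['default_user_id'] : 0, 'ticket_type_id' => $ticket_type_id, 'customer_id' => $ticket_account['default_customer_id'], 'status_id' => 2, 'ticket_account_id' => $ticket_account_id, 'unread' => 1, 'subject' => $_POST['subject'], 'new_ticket_message' => $_POST['new_ticket_message'], 'ticket_extra' => isset($_POST['ticket_extra']) && is_array($_POST['ticket_extra']) ? $_POST['ticket_extra'] : array(), 'faq_product_id' => isset($_POST['faq_product_id']) ? (int) $_POST['faq_product_id'] : 0);
                        if (isset($public_types[$ticket_type_id]) && isset($public_types[$ticket_type_id]['default_user_id']) && $public_types[$ticket_type_id]['default_user_id'] > 0) {
                            $ticket_data['assigned_user_id'] = $public_types[$ticket_type_id]['default_user_id'];
                        }
                        // priority is only accepted when enabled and when it is a known priority key
                        if (module_config::c('ticket_allow_priority_selection', 0) && isset($_POST['priority'])) {
                            $priorities = $this->get_ticket_priorities();
                            if (isset($priorities[$_POST['priority']])) {
                                $ticket_data['priority'] = $_POST['priority'];
                            }
                        }
                        $ticket_id = $this->save_ticket('new', $ticket_data);
                        // check if they want a priority support
                        if (isset($_POST['do_priority']) && $_POST['do_priority']) {
                            // generate a "priority invoice" against this support ticket using the invoice module.
                            // this will display the invoice in the sidebar and the user can pay.
                            $this->generate_priority_invoice($ticket_id);
                        }
                        handle_hook('ticket_public_created', $ticket_id);
                        // where to redirect?
                        $url = module_config::c('ticket_public_new_redirect', '');
                        if (!$url) {
                            $url = $this->link_public($ticket_id);
                        }
                        redirect_browser($url);
                    }
                }
                $ticket = self::get_ticket($ticket_id);
                include 'public/ticket_customer_new.php';
                break;
            case 'public_status':
                $ticket_id = isset($_REQUEST['i']) ? (int) $_REQUEST['i'] : false;
                $new_status_id = isset($_REQUEST['s']) ? (int) $_REQUEST['s'] : false;
                $hash = isset($_REQUEST['hash']) ? trim($_REQUEST['hash']) : false;
                if ($ticket_id && $new_status_id && $hash) {
                    // the hash is bound to both the ticket and the requested status
                    $correct_hash = $this->link_public_status($ticket_id, $new_status_id, true);
                    if (hash_equals((string) $correct_hash, (string) $hash)) {
                        // change the status.
                        update_insert('ticket_id', $ticket_id, 'ticket', array('status_id' => $new_status_id));
                        module_template::init_template('ticket_status_change', '<h2>Ticket</h2>
<p>Thank you. Your support ticket status has been adjusted.</p>
<p>Please <a href="{TICKET_URL}">click here</a> to view your ticket.</p>
', 'Displayed after an external ticket status is changed.', 'code');
                        // correct!
                        // load up the receipt template.
                        $template = module_template::get_template_by_key('ticket_status_change');
                        $data = $this->get_ticket($ticket_id);
                        $data['ticket_url'] = $this->link_public($ticket_id);
                        $template->page_title = _l("Ticket");
                        $template->assign_values(self::get_replace_fields($ticket_id, $data));
                        $template->assign_values($data);
                        echo $template->render('pretty_html');
                    }
                }
                exit;
                break;
            case 'public':
                $ticket_id = isset($_REQUEST['i']) ? (int) $_REQUEST['i'] : false;
                $hash = isset($_REQUEST['hash']) ? trim($_REQUEST['hash']) : false;
                if ($ticket_id && $hash) {
                    $correct_hash = $this->link_public($ticket_id, true);
                    if (hash_equals((string) $correct_hash, (string) $hash)) {
                        // all good to print a receipt for this payment.
                        $ticket = $this->get_ticket($ticket_id);
                        if (isset($_POST['_process']) && $_POST['_process'] === 'send_public_ticket') {
                            // user is saving the ticket.
                            // process it!
                            if (isset($_POST['new_ticket_message']) && strlen($_POST['new_ticket_message']) > 1) {
                                // post a new reply to this message.
                                // who are we replying to?
                                // it's either a reply from the admin, or from the user via the web interface.
                                $ticket_creator = $ticket['user_id'];
                                $to_user_id = $ticket['assigned_user_id'] ? $ticket['assigned_user_id'] : module_config::c('ticket_default_user_id', 1);
                                $ticket_message_id = $this->send_reply($ticket_id, $_POST['new_ticket_message'], $ticket_creator, $to_user_id, 'end_user');
                                // a public reply always moves the ticket to status 5
                                // (presumably "awaiting admin reply"; confirm against the status table)
                                $new_status_id = 5;
                                if ($ticket_message_id) {
                                    // so we can track a history of ticket status changes
                                    update_insert("ticket_message_id", $ticket_message_id, "ticket_message", array('status_id' => $new_status_id));
                                }
                                update_insert("ticket_id", $ticket_id, "ticket", array('unread' => 1, 'status_id' => $new_status_id));
                            }
                            if (isset($_REQUEST['generate_priority_invoice'])) {
                                $invoice_id = $this->generate_priority_invoice($ticket_id);
                                redirect_browser(module_invoice::link_public($invoice_id));
                            }
                            // where to redirect?
                            $url = module_config::c('ticket_public_reply_redirect', '');
                            if (!$url) {
                                $url = $this->link_public($ticket_id);
                            }
                            redirect_browser($url);
                        }
                        if ($ticket && $ticket['ticket_id'] == $ticket_id) {
                            $admins_rel = self::get_ticket_staff_rel();
                            // public hack, we are the ticket responder.
                            $logged_in_user = $ticket['user_id'];
                            $ticket_creator = $ticket['user_id'];
                            if ($ticket_creator == $logged_in_user) {
                                // we are sending a reply back to the admin, from the end user.
                                $to_user_id = $ticket['assigned_user_id'] ? $ticket['assigned_user_id'] : module_config::c('ticket_default_user_id', 1);
                                $from_user_id = $logged_in_user;
                            } else {
                                // we are sending a reply back to the ticket user.
                                $to_user_id = $ticket['user_id'];
                                $from_user_id = $logged_in_user;
                            }
                            $to_user_a = module_user::get_user($to_user_id, false);
                            $from_user_a = module_user::get_user($from_user_id, false);
                            if (isset($ticket['ticket_account_id']) && $ticket['ticket_account_id']) {
                                $ticket_account = module_ticket::get_ticket_account($ticket['ticket_account_id']);
                            } else {
                                $ticket_account = false;
                            }
                            if ($ticket_account && $ticket_account['email']) {
                                $reply_to_address = $ticket_account['email'];
                                $reply_to_name = $ticket_account['name'];
                            } else {
                                // reply to creator.
                                $reply_to_address = $from_user_a['email'];
                                $reply_to_name = $from_user_a['name'];
                            }
                            if ($ticket_creator == $logged_in_user) {
                                $send_as_name = $from_user_a['name'];
                                $send_as_address = $from_user_a['email'];
                            } else {
                                $send_as_address = $reply_to_address;
                                $send_as_name = $reply_to_name;
                            }
                            // the included view reads the local variables prepared above
                            ob_start();
                            include 'public/ticket_customer_view.php';
                            $html = ob_get_clean();
                            module_template::init_template('external_ticket_public_view', '{TICKET_HTML}', 'Used when displaying the external view of a ticket to the customer.', 'code');
                            $template = module_template::get_template_by_key('external_ticket_public_view');
                            $template->assign_values(array('ticket_html' => $html));
                            $template->page_title = _l('Ticket: %s', module_ticket::ticket_number($ticket['ticket_id']));
                            echo $template->render('pretty_html');
                            exit;
                        } else {
                            _e('Permission Denied. Please logout and try again.');
                        }
                    }
                }
                break;
        }
    }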