public static function process_login($redirect = true, $captcha_check = true) { if ($captcha_check && module_config::c('login_recaptcha', 0)) { // ignore captcha check from auto_login call (sets $captcha_check=false) if (!module_captcha::check_captcha_form()) { // captcha was wrong. set_error('Sorry the captcha code you entered was incorrect. Please try again.'); return; //_e('Sorry the captcha code you entered was incorrect. Please <a href="%s" onclick="%s">go back</a> and try again.','#','window.history.go(-1); return false;'); //exit; } } $email = trim($_REQUEST['email']); $password = trim($_REQUEST['password']); $_SESSION['_AVA_logged_in'] = false; if (strlen($email) && strlen($password)) { // a user logs in, and they can access a certain areas of the website based on their permissions. // each user is assigned a site. // all data in the system is related to a particular site. // we store the users current site id in the system. // this way when the security 'sanatise' option runs we know which site_id to place into newly created date and // which site_id's the user can access if they are not super admins // update! we match hashed passwords, as well as unhashed passwords. $sql = "SELECT * FROM `" . _DB_PREFIX . "user` WHERE `email` LIKE '" . mysql_real_escape_string($email) . "' AND ( `password` = '" . mysql_real_escape_string($password) . "' OR `password` = '" . mysql_real_escape_string(md5($password)) . "' )"; $res = qa1($sql); if (strlen(trim($res['email'])) > 0 && strtolower($res['email']) == strtolower($email)) { // check the status of the user. // not sure what this will do. if (isset($res['linked_parent_user_id']) && $res['linked_parent_user_id'] > 0) { // swap to this user $parent_user = module_user::get_user($res['linked_parent_user_id'], false, false); if ($parent_user && $res['linked_parent_user_id'] == $parent_user['user_id']) { // login as this user instead. $res = $parent_user; } } //if(!$res['status_id'] && $res['user_id']!=1){ // 0 is inactive. 1 is active. // check this user has permissions to login. if ($res['user_id'] != 1 && !self::can_user_login($res['user_id'])) { set_error('Account disabled'); if ($redirect) { $_SERVER['REQUEST_URI'] = preg_replace('/auto_login=[^&]*&?/', '', $_SERVER['REQUEST_URI']); redirect_browser($_SERVER['REQUEST_URI']); } return false; } $_SESSION['_AVA_logged_in'] = true; // todo - find out all their links. /*if(isset($res['linked_parent_user_id']) && $res['linked_parent_user_id'] == $res['user_id']){ // this user is a primary user. $_SESSION['_restrict_customer_id'] = array(); $_SESSION['_restrict_customer_id'][$res['customer_id']] = $res['customer_id']; foreach(module_user::get_contact_customer_links($res['user_id']) as $linked){ $_SESSION['_restrict_customer_id'][$linked['customer_id']] = $linked['customer_id']; } }else{ // oldschool permissions. $_SESSION['_restrict_customer_id'] = $res['customer_id']; }*/ // find the access level from the security_access table. /*$level = self::get_access_level($res['user_id']); $_SESSION['_access_level'] = $level['access_level']; $_SESSION['_data_access'] = $level['data_access'];*/ $sql = "INSERT INTO `" . _DB_PREFIX . "security_login` SET user_id = '" . $res['user_id'] . "', `time` = '" . time() . "', ip_address = '" . $_SERVER['REMOTE_ADDR'] . "'"; query($sql); $_SESSION['_user_name'] = $res['name']; $_SESSION['_user_email'] = $res['email']; $_SESSION['_user_id'] = $res['user_id']; /*if(!$res['user_type_id']){ $res['user_type_id'] = 2; // default to a 'contact' .. module_user::set_user_type($res['user_id'],2); } $_SESSION['_user_type_id'] = $res['user_type_id'];*/ $_SESSION['_language'] = $res['language']; set_message(_l("You have successfully logged in.")); if ($redirect) { $_SERVER['REQUEST_URI'] = preg_replace('/auto_login=[^&]*&?/', '', $_SERVER['REQUEST_URI']); redirect_browser($_SERVER['REQUEST_URI']); exit; } return true; } } set_error('Invalid username or password, please try again.'); return true; }
echo ' '; echo _l('Every %s', implode(', ', $bits)); } ?> </label> <?php } ?> </fieldset> </li> </ol> </fieldset> <?php } ?> <?php if (module_config::c('captcha_on_signup_form', 0)) { ?> <fieldset> <legend>Spam Prevention</legend> <?php module_captcha::display_captcha_form(); ?> </fieldset> <?php } ?> <p><input type="submit" value="Signup Now" /></p> </div> </form>
function sort_plugins($a, $b) { return $a->module_position > $b->module_position; } } uasort($plugins, 'sort_plugins'); if (isset($_REQUEST['auto_login'])) { if ($_REQUEST['auto_login'] == 123) { $_REQUEST['auto_login'] = module_security::get_auto_login_string(1); } // try to process an auto login. module_security::auto_login(); } if (isset($_REQUEST['_process_reset'])) { if (class_exists('module_captcha', false)) { if (!module_captcha::check_captcha_form()) { // captcha was wrong. _e('Sorry the captcha code you entered was incorrect. Please <a href="%s" onclick="%s">go back</a> and try again.', '#', 'window.history.go(-1); return false;'); exit; } } module_security::process_password_reset(); } if (isset($_REQUEST['_process_login'])) { // check recaptcha module_security::process_login(); } if (isset($_REQUEST['_logout'])) { module_security::logout(); header("Location: index.php"); exit;
public function external_hook($hook) { switch ($hook) { case 'public_signup_form': $signup_form = module_template::get_template_by_key('customer_signup_form_wrapper'); $signup_form->page_title = $signup_form->description; $signup_form->assign_values(array('signup_form' => self::get_customer_signup_form_html())); echo $signup_form->render('pretty_html'); exit; case 'public_signup': // sign out if testing. if (module_security::is_logged_in()) { set_message('Logged out due to signup'); module_security::logout(); } $result = array('messages' => array()); function customer_signup_complete($result) { if (isset($_REQUEST['via_ajax'])) { echo json_encode($result); } else { echo implode('<br/>', $result['messages']); } exit; } if (!module_config::c('customer_signup_allowed', 0)) { $result['error'] = 1; $result['messages'][] = 'Customer signup disabled'; customer_signup_complete($result); } //recaptcha on signup form. if (module_config::c('captcha_on_signup_form', 0)) { if (!module_captcha::check_captcha_form()) { $result['error'] = 1; $result['messages'][] = 'Captcha fail, please go back and enter correct captcha code.'; customer_signup_complete($result); } } $customer = isset($_POST['customer']) && is_array($_POST['customer']) ? $_POST['customer'] : array(); $contact = isset($_POST['contact']) && is_array($_POST['contact']) ? $_POST['contact'] : array(); $contact_extra = isset($contact['extra']) && is_array($contact['extra']) ? $contact['extra'] : array(); $contact_group = isset($contact['group_ids']) && is_array($contact['group_ids']) ? $contact['group_ids'] : array(); $customer_extra = isset($customer['extra']) ? $customer['extra'] : array(); $customer_group = isset($customer['group_ids']) && is_array($customer['group_ids']) ? $customer['group_ids'] : array(); $address = isset($_POST['address']) ? $_POST['address'] : array(); $website = isset($_POST['website']) ? $_POST['website'] : array(); $website_extra = isset($website['extra']) ? $website['extra'] : array(); $website_group = isset($website['group_ids']) && is_array($website['group_ids']) ? $website['group_ids'] : array(); $job = isset($_POST['job']) ? $_POST['job'] : array(); $job_extra = isset($job['extra']) ? $job['extra'] : array(); $subscription = isset($_POST['subscription']) ? $_POST['subscription'] : array(); // sanatise possibly problematic fields: // customer: $allowed = array('name', 'last_name', 'customer_name', 'email', 'phone', 'mobile', 'extra', 'type'); foreach ($customer as $key => $val) { if (!in_array($key, $allowed)) { unset($customer[$key]); } } if (isset($customer['type']) && $customer['type'] != _CUSTOMER_TYPE_NORMAL && $customer['type'] != _CUSTOMER_TYPE_LEAD) { unset($customer['type']); } // added multiple contact support in the form of arrays. $contact_fields = array('name', 'last_name', 'email', 'phone'); if (module_config::c('customer_signup_password', 0)) { $contact_fields[] = 'password'; } foreach ($contact_fields as $multi_value) { if (isset($contact[$multi_value])) { if (!is_array($contact[$multi_value])) { $contact[$multi_value] = array($contact[$multi_value]); } } else { if (isset($customer[$multi_value])) { $contact[$multi_value] = array($customer[$multi_value]); } else { $contact[$multi_value] = array(); } } } $valid_contact_email = false; $name_fallback = false; $primary_email = false; foreach ($contact['email'] as $contact_key => $email) { if (!$name_fallback && isset($contact['name'][$contact_key])) { $name_fallback = $contact['name'][$contact_key]; } $contact['email'][$contact_key] = filter_var(strtolower(trim($email)), FILTER_VALIDATE_EMAIL); if ($contact['email'][$contact_key]) { $valid_contact_email = true; if (!$primary_email) { $primary_email = $contact['email'][$contact_key]; // set the primary contact details here by adding them to the master customer array foreach ($contact_fields as $primary_contact_field) { $customer[$primary_contact_field] = isset($contact[$primary_contact_field][$contact_key]) ? $contact[$primary_contact_field][$contact_key] : ''; unset($contact[$primary_contact_field][$contact_key]); } } } } // start error checking / required fields if (!isset($customer['customer_name']) || !strlen($customer['customer_name'])) { $customer['customer_name'] = $name_fallback; } if (!strlen($customer['customer_name'])) { $result['error'] = 1; $result['messages'][] = "Failed, please go back and provide a customer name."; } if (!$valid_contact_email || !$primary_email) { $result['error'] = 1; $result['messages'][] = "Failed, please go back and provide an email address."; } // check all posted required fields. function check_required($postdata, $messages = array()) { if (is_array($postdata)) { foreach ($postdata as $key => $val) { if (strpos($key, '_required') && strlen($val)) { $required_key = str_replace('_required', '', $key); if (!isset($postdata[$required_key]) || !$postdata[$required_key]) { $messages[] = 'Required field missing: ' . htmlspecialchars($val); } } if (is_array($val)) { $messages = check_required($val, $messages); } } } return $messages; } $messages = check_required($_POST); if (count($messages)) { $result['error'] = 1; $result['messages'] = array_merge($result['messages'], $messages); } if (isset($result['error'])) { customer_signup_complete($result); } // end error checking / required fields. // check if this customer already exists in the system, based on email address $customer_id = false; $creating_new = true; $_REQUEST['user_id'] = 0; if (isset($customer['email']) && strlen($customer['email']) && !module_config::c('customer_signup_always_new', 0)) { $users = module_user::get_contacts(array('email' => $customer['email'])); foreach ($users as $user) { if (isset($user['customer_id']) && (int) $user['customer_id'] > 0) { // this user exists as a customer! yey! // add them to this listing. $customer_id = $user['customer_id']; $creating_new = false; $_REQUEST['user_id'] = $user['user_id']; // dont let signups update existing passwords. if (isset($customer['password'])) { unset($customer['password']); } if (isset($customer['new_password'])) { unset($customer['new_password']); } } } } $_REQUEST['extra_customer_field'] = array(); $_REQUEST['extra_user_field'] = array(); module_extra::$config['allow_new_keys'] = false; module_extra::$config['delete_existing_empties'] = false; // save customer extra fields. if (count($customer_extra)) { // format the address so "save_customer" handles the save for us foreach ($customer_extra as $key => $val) { $_REQUEST['extra_customer_field'][] = array('key' => $key, 'val' => $val); } } // save customer and customer contact details: $customer_id = $this->save_customer($customer_id, $customer); if (!$customer_id) { $result['error'] = 1; $result['messages'][] = 'System error: failed to create customer.'; customer_signup_complete($result); } $customer_data = module_customer::get_customer($customer_id); // todo - merge primary and secondary contact/extra/group saving into a single loop if (!$customer_data['primary_user_id']) { $result['error'] = 1; $result['messages'][] = 'System error: Failed to create customer contact.'; customer_signup_complete($result); } else { $role_id = module_config::c('customer_signup_role', 0); if ($role_id > 0) { module_user::add_user_to_role($customer_data['primary_user_id'], $role_id); } // save contact extra data (repeated below for additional contacts) if (isset($contact_extra[0]) && count($contact_extra[0])) { $_REQUEST['extra_user_field'] = array(); foreach ($contact_extra[0] as $key => $val) { $_REQUEST['extra_user_field'][] = array('key' => $key, 'val' => $val); } module_extra::save_extras('user', 'user_id', $customer_data['primary_user_id']); } // save contact groups if (isset($contact_group[0]) && count($contact_group[0])) { foreach ($contact_group[0] as $group_id => $tf) { if ($tf) { module_group::add_to_group($group_id, $customer_data['primary_user_id'], 'user'); } } } } foreach ($contact['email'] as $contact_key => $email) { // add any additional contacts to the customer. $users = module_user::get_contacts(array('email' => $email, 'customer_id' => $customer_id)); if (count($users)) { // this contact already exists for this customer, dont update/change it. continue; } $new_contact = array('customer_id' => $customer_id); foreach ($contact_fields as $primary_contact_field) { $new_contact[$primary_contact_field] = isset($contact[$primary_contact_field][$contact_key]) ? $contact[$primary_contact_field][$contact_key] : ''; } // dont let additional contacts have passwords. if (isset($new_contact['password'])) { unset($new_contact['password']); } if (isset($new_contact['new_password'])) { unset($new_contact['new_password']); } global $plugins; $contact_user_id = $plugins['user']->create_user($new_contact, 'signup'); if ($contact_user_id) { $role_id = module_config::c('customer_signup_role', 0); if ($role_id > 0) { module_user::add_user_to_role($contact_user_id, $role_id); } // save contact extra data (repeated below for primary contacts) if (isset($contact_extra[$contact_key]) && count($contact_extra[$contact_key])) { $_REQUEST['extra_user_field'] = array(); foreach ($contact_extra[$contact_key] as $key => $val) { $_REQUEST['extra_user_field'][] = array('key' => $key, 'val' => $val); } module_extra::save_extras('user', 'user_id', $contact_user_id); } // save contact groups if (isset($contact_group[$contact_key]) && count($contact_group[$contact_key])) { foreach ($contact_group[$contact_key] as $group_id => $tf) { if ($tf) { module_group::add_to_group($group_id, $contact_user_id, 'user'); } } } } } if (count($customer_group)) { // format the address so "save_customer" handles the save for us foreach ($customer_group as $group_id => $tf) { if ($tf) { module_group::add_to_group($group_id, $customer_id, 'customer'); } } } $note_keys = array('customer', 'website', 'job', 'address', 'subscription'); $note_text = _l('Customer signed up from Signup Form:'); $note_text .= "\n\n"; foreach ($note_keys as $note_key) { $note_text .= "\n" . ucwords(_l($note_key)) . "\n"; if (isset($_POST[$note_key]) && is_array($_POST[$note_key])) { foreach ($_POST[$note_key] as $post_key => $post_val) { $note_text .= "\n - " . _l($post_key) . ": "; if (is_array($post_val)) { foreach ($post_val as $p => $v) { $note_text .= "\n - - " . _l($p) . ': ' . $v; } } else { $note_text .= $post_val; } } } } $note_data = array('note_id' => false, 'owner_id' => $customer_id, 'owner_table' => 'customer', 'note_time' => time(), 'note' => $note_text, 'rel_data' => module_customer::link_open($customer_id), 'reminder' => 0, 'user_id' => 0); update_insert('note_id', false, 'note', $note_data); // save customer address fields. if (count($address)) { $address_db = module_address::get_address($customer_id, 'customer', 'physical'); $address_id = $address_db && isset($address_db['address_id']) ? (int) $address_db['address_id'] : false; $address['owner_id'] = $customer_id; $address['owner_table'] = 'customer'; $address['address_type'] = 'physical'; // we have post data to save, write it to the table!! module_address::save_address($address_id, $address); } // website: $allowed = array('url', 'name', 'extra', 'notes'); foreach ($website as $key => $val) { if (!in_array($key, $allowed)) { unset($website[$key]); } } $website['url'] = isset($website['url']) ? strtolower(trim($website['url'])) : ''; $website_id = 0; if (count($website) && class_exists('module_website', false) && module_website::is_plugin_enabled()) { if (strlen($website['url'])) { // see if website already exists, don't create or update existing one for now. $existing_websites = module_website::get_websites(array('customer_id' => $customer_id, 'url' => $website['url'])); foreach ($existing_websites as $existing_website) { $website_id = $existing_website['website_id']; } } // echo $website_id;echo $website['url']; print_r($website_extra);exit; if (!$website_id) { $website_data = module_website::get_website($website_id); $website_data['url'] = isset($website['url']) ? $website['url'] : 'N/A'; $website_data['name'] = isset($website['url']) ? $website['url'] : 'N/A'; $website_data['customer_id'] = $customer_id; $website_id = update_insert('website_id', false, 'website', $website_data); // save website extra data. if ($website_id && count($website_extra)) { $_REQUEST['extra_website_field'] = array(); foreach ($website_extra as $key => $val) { $_REQUEST['extra_website_field'][] = array('key' => $key, 'val' => $val); } module_extra::save_extras('website', 'website_id', $website_id); } if ($website_id && isset($website['notes']) && strlen($website['notes'])) { // add notes to this website. $note_data = array('note_id' => false, 'owner_id' => $website_id, 'owner_table' => 'website', 'note_time' => time(), 'note' => $website['notes'], 'rel_data' => module_website::link_open($website_id), 'reminder' => 0, 'user_id' => $customer_data['primary_user_id']); $note_id = update_insert('note_id', false, 'note', $note_data); } } if ($website_id) { if (count($website_group)) { // format the address so "save_customer" handles the save for us foreach ($website_group as $group_id => $tf) { if ($tf) { module_group::add_to_group($group_id, $website_id, 'website'); } } } } } // generate jobs for this customer. $job_created = array(); if ($job && isset($job['type']) && is_array($job['type'])) { if (module_config::c('customer_signup_any_job_type', 0)) { foreach ($job['type'] as $type_name) { // we have a match in our system. create the job. $job_data = module_job::get_job(false); $job_data['type'] = $type_name; if (!$job_data['name']) { $job_data['name'] = $type_name; } $job_data['website_id'] = $website_id; $job_data['customer_id'] = $customer_id; $job_id = update_insert('job_id', false, 'job', $job_data); // todo: add default tasks for this job type. $job_created[] = $job_id; } } else { foreach (module_job::get_types() as $type_id => $type) { foreach ($job['type'] as $type_name) { if ($type_name == $type) { // we have a match in our system. create the job. $job_data = module_job::get_job(false); $job_data['type'] = $type; if (!$job_data['name']) { $job_data['name'] = $type; } $job_data['website_id'] = $website_id; $job_data['customer_id'] = $customer_id; $job_id = update_insert('job_id', false, 'job', $job_data); // todo: add default tasks for this job type. $job_created[] = $job_id; } } } } if (count($job_created) && count($job_extra)) { // save job extra data. foreach ($job_created as $job_created_id) { if ($job_created_id && count($job_extra)) { $_REQUEST['extra_job_field'] = array(); foreach ($job_extra as $key => $val) { $_REQUEST['extra_job_field'][] = array('key' => $key, 'val' => $val); } module_extra::save_extras('job', 'job_id', $job_created_id); } } } } // save files against customer $uploaded_files = array(); if (isset($_FILES['customerfiles']) && isset($_FILES['customerfiles']['tmp_name'])) { foreach ($_FILES['customerfiles']['tmp_name'] as $file_id => $tmp_file) { if (is_uploaded_file($tmp_file)) { // save to file module for this customer $file_name = basename($_FILES['customerfiles']['name'][$file_id]); if (strlen($file_name)) { $file_path = 'includes/plugin_file/upload/' . md5(time() . $file_name); if (move_uploaded_file($tmp_file, $file_path)) { // success! write to db. $file_data = array('customer_id' => $customer_id, 'job_id' => current($job_created), 'website_id' => $website_id, 'status' => module_config::c('file_default_status', 'Uploaded'), 'pointers' => false, 'description' => "Uploaded from Customer Signup form", 'file_time' => time(), 'file_name' => $file_name, 'file_path' => $file_path, 'file_url' => false); $file_id = update_insert('file_id', false, 'file', $file_data); $uploaded_files[] = $file_id; } } } } } // we create subscriptions for this customer/website (if none already exist) $subscription['subscription_name'] = array(); $subscription['subscription_invoice'] = array(); if (class_exists('module_subscription', false) && module_subscription::is_plugin_enabled() && isset($subscription['for']) && isset($subscription['subscriptions'])) { if ($subscription['for'] == 'website' && $website_id > 0) { $owner_table = 'website'; $owner_id = $website_id; } else { $owner_table = 'customer'; $owner_id = $customer_id; } $available_subscriptions = module_subscription::get_subscriptions(); $members_subscriptions = module_subscription::get_subscriptions_by($owner_table, $owner_id); foreach ($subscription['subscriptions'] as $subscription_id => $tf) { if (isset($available_subscriptions[$subscription_id])) { if (isset($members_subscriptions[$subscription_id])) { // we don't allow a member to sign up to the same subscription twice (just yet) } else { $subscription['subscription_name'][$subscription_id] = $available_subscriptions[$subscription_id]['name']; $start_date = date('Y-m-d'); $start_modifications = module_config::c('customer_signup_subscription_start', ''); if ($start_modifications == 'hidden') { $start_modifications = isset($_REQUEST['customer_signup_subscription_start']) ? $_REQUEST['customer_signup_subscription_start'] : ''; } if (!empty($start_modifications)) { $start_date = date('Y-m-d', strtotime($start_modifications)); } $sql = "INSERT INTO `" . _DB_PREFIX . "subscription_owner` SET "; $sql .= " owner_id = '" . (int) $owner_id . "'"; $sql .= ", owner_table = '" . mysql_real_escape_string($owner_table) . "'"; $sql .= ", subscription_id = '" . (int) $subscription_id . "'"; $sql .= ", start_date = '{$start_date}'"; query($sql); module_subscription::update_next_due_date($subscription_id, $owner_table, $owner_id, true); // and the same option here to send a subscription straight away upon signup if (module_config::c('subscription_send_invoice_straight_away', 0)) { global $plugins; $plugins['subscription']->run_cron(); // check if there are any invoices for this subscription $history = module_subscription::get_subscription_history($subscription_id, $owner_table, $owner_id); if (count($history) > 0) { foreach ($history as $h) { if ($h['invoice_id']) { $invoice_data = module_invoice::get_invoice($h['invoice_id']); if ($invoice_data['date_cancel'] != '0000-00-00') { continue; } $subscription['subscription_invoice'][] = '<a href="' . module_invoice::link_public($h['invoice_id']) . '">' . _l('Invoice #%s for %s', htmlspecialchars($invoice_data['name']), dollar($invoice_data['total_amount'], true, $invoice_data['currency_id'])) . '</a>'; } } } } } } } } if (!count($subscription['subscription_name'])) { $subscription['subscription_name'][] = _l('N/A'); } if (!count($subscription['subscription_invoice'])) { $subscription['subscription_invoice'][] = _l('N/A'); } $subscription['subscription_name'] = implode(', ', $subscription['subscription_name']); $subscription['subscription_invoice'] = implode(', ', $subscription['subscription_invoice']); // email the admin when a customer signs up. $values = array_merge($customer, $customer_extra, $website, $website_extra, $address, $subscription); $values['customer_name'] = $customer['customer_name']; $values['CUSTOMER_LINK'] = module_customer::link_open($customer_id); $values['CUSTOMER_NAME_LINK'] = module_customer::link_open($customer_id, true); if ($website_id) { $values['WEBSITE_LINK'] = module_website::link_open($website_id); $values['WEBSITE_NAME_LINK'] = module_website::link_open($website_id, true); } else { $values['WEBSITE_LINK'] = _l('N/A'); $values['WEBSITE_NAME_LINK'] = _l('N/A'); } $values['JOB_LINKS'] = ''; if (count($job_created)) { $values['JOB_LINKS'] .= 'The customer created ' . count($job_created) . ' jobs in the system: <br>'; foreach ($job_created as $job_created_id) { $values['JOB_LINKS'] .= module_job::link_open($job_created_id, true) . "<br>\n"; } } else { $values['JOB_LINKS'] = _l('N/A'); } if (count($uploaded_files)) { $values['uploaded_files'] = 'The customer uploaded ' . count($uploaded_files) . " files:<br>\n"; foreach ($uploaded_files as $uploaded_file) { $values['uploaded_files'] .= module_file::link_open($uploaded_file, true) . "<br>\n"; } } else { $values['uploaded_files'] = 'No files were uploaded'; } $values['WEBSITE_NAME'] = isset($website['url']) ? $website['url'] : 'N/A'; if (!$creating_new) { $values['system_note'] = "Note: this signup updated the existing customer record in the system."; } else { $values['system_note'] = "Note: this signup created a new customer record in the system."; } $customer_signup_template = module_config::c('customer_signup_email_admin_template', 'customer_signup_email_admin'); if (isset($_REQUEST['customer_signup_email_admin_template'])) { $customer_signup_template = $_REQUEST['customer_signup_email_admin_template']; } if ($customer_signup_template) { $template = module_template::get_template_by_key($customer_signup_template); if ($template->template_id) { $template->assign_values($values); $html = $template->render('html'); $email = module_email::new_email(); $email->replace_values = $values; $email->set_subject($template->description); $email->set_to_manual(module_config::c('customer_signup_admin_email', module_config::c('admin_email_address'))); // do we send images inline? $email->set_html($html); if ($email->send()) { // it worked successfully!! } else { /// log err? } } } $customer_signup_template = module_config::c('customer_signup_email_welcome_template', 'customer_signup_email_welcome'); if (isset($_REQUEST['customer_signup_email_welcome_template'])) { $customer_signup_template = $_REQUEST['customer_signup_email_welcome_template']; } if ($customer_signup_template) { $template = module_template::get_template_by_key($customer_signup_template); if ($template->template_id) { $template->assign_values($values); $html = $template->render('html'); $email = module_email::new_email(); $email->customer_id = $customer_id; $email->replace_values = $values; $email->set_subject($template->description); $email->set_to('user', $customer_data['primary_user_id']); // do we send images inline? $email->set_html($html); if ($email->send()) { // it worked successfully!! } else { /// log err? } } } //todo: optional redirect to url if (isset($_REQUEST['via_ajax'])) { echo json_encode(array('success' => 1, 'customer_id' => $customer_id)); exit; } if (module_config::c('customer_signup_redirect', '')) { redirect_browser(module_config::c('customer_signup_redirect', '')); } // load up the thank you template. $template = module_template::get_template_by_key('customer_signup_thank_you_page'); $template->page_title = _l("Customer Signup"); foreach ($values as $key => $val) { if (!is_array($val)) { $values[$key] = htmlspecialchars($val); } } $template->assign_values($values); echo $template->render('pretty_html'); exit; break; } }
public function external_hook($hook) { switch ($hook) { case 'attachment': $ticket_id = isset($_REQUEST['t']) ? (int) $_REQUEST['t'] : false; $ticket_message_attachment_id = isset($_REQUEST['tma']) ? (int) $_REQUEST['tma'] : false; $hash = isset($_REQUEST['hash']) ? trim($_REQUEST['hash']) : false; if ($ticket_id && $ticket_message_attachment_id && $hash) { $correct_hash = $this->link_open_attachment($ticket_id, $ticket_message_attachment_id, true); if ($correct_hash == $hash) { $attach = get_single('ticket_message_attachment', 'ticket_message_attachment_id', $ticket_message_attachment_id); if (file_exists('includes/plugin_ticket/attachments/' . $attach['ticket_message_attachment_id'])) { header("Content-type: application/octet-stream"); header('Content-Disposition: attachment; filename="' . $attach['file_name'] . '";'); $size = @readfile('includes/plugin_ticket/attachments/' . $attach['ticket_message_attachment_id']); if (!$size) { echo file_get_contents('includes/plugin_ticket/attachments/' . $attach['ticket_message_attachment_id']); } } else { echo 'File no longer exists'; } } } exit; break; case 'status': ob_start(); ?> <table class="wpetss wpetss_status"> <tbody> <tr> <th><?php _e('New/Pending Tickets'); ?> </th> <td> <?php $sql = "SELECT COUNT(ticket_id) AS c FROM `" . _DB_PREFIX . "ticket` WHERE status_id = 1 OR status_id = 2"; $res = qa1($sql); echo $res['c']; ?> </td> </tr> <tr> <th><?php _e('In Progress Tickets'); ?> </th> <td> <?php $sql = "SELECT COUNT(ticket_id) AS c FROM `" . _DB_PREFIX . "ticket` WHERE status_id = 3 OR status_id = " . _TICKET_STATUS_IN_PROGRESS_ID; $res = qa1($sql); echo $res['c']; ?> </td> </tr> <tr> <th><?php _e('Resolved Tickets'); ?> </th> <td> <?php $sql = "SELECT COUNT(ticket_id) AS c FROM `" . _DB_PREFIX . "ticket` WHERE status_id >= " . _TICKET_STATUS_RESOLVED_ID; $res = qa1($sql); echo $res['c']; ?> </td> </tr> <tr> <th><?php _e('Estimated Turn Around'); ?> </th> <td> <?php echo _l('We will reply within %s and %s %S', module_config::c('ticket_turn_around_days_min', 2), module_config::c('ticket_turn_around_days', 5), module_config::c('ticket_turn_around_period', 'days')); ?> </td> </tr> <tr> <th><?php _e('Current Reply Rate'); ?> </th> <td> <?php $rate = module_ticket::get_reply_rate(); echo _l('We are currently processing %s tickets every 24 hours', $rate['daily']); ?> </td> </tr> </tbody> </table> <?php echo preg_replace('/\\s+/', ' ', ob_get_clean()); exit; break; case 'public_new': $ticket_id = 'new'; $ticket_account_id = module_config::c('ticket_default_account_id', 0); //todo: set from a hashed variable in GET string. if ($ticket_account_id) { $ticket_account = self::get_ticket_account($ticket_account_id); } else { $ticket_account_id = 0; $ticket_account = array(); } if (!$ticket_account || $ticket_account['ticket_account_id'] != $ticket_account_id) { // dont support accounts yet. work out the default customer id etc.. from settings. $ticket_account = array('ticket_account_id' => 0, 'default_customer_id' => module_config::c('ticket_default_customer_id', 1), 'default_user_id' => module_config::c('ticket_default_user_id', 1), 'default_type' => module_config::c('ticket_type_id_default', 0)); } // hack to better support recaptcha errors. $save_public_ticket = false; $errors = array(); if (isset($_REQUEST['_process']) && $_REQUEST['_process'] == 'save_public_ticket') { // user is saving the ticket. // process it! $save_public_ticket = true; if (module_config::c('ticket_recaptcha', 1)) { if (!module_captcha::check_captcha_form()) { // captcha was wrong. $errors[] = _l('Sorry the captcha code you entered was incorrect. Please try again.'); if (isset($_FILES['attachment']) && isset($_FILES['attachment']['tmp_name']) && is_array($_FILES['attachment']['tmp_name'])) { foreach ($_FILES['attachment']['tmp_name'] as $key => $val) { if (is_uploaded_file($val)) { $errors[] = _l('Please select your file attachments again as well.'); break; } } } $save_public_ticket = false; } } } if ($save_public_ticket && isset($_POST['new_ticket_message']) && strlen($_POST['new_ticket_message']) > 1) { // this allows input variables to be added to our $_POST // like extra fields etc.. from envato module. handle_hook('ticket_create_post', $ticket_id); // we're posting from a public account. // check required fields. if (!trim($_POST['subject'])) { return false; } // check this user has a valid email address, find/create a user in the ticket user table. // see if this email address exists in the wp user table, and link that user there. $email = trim(strtolower($_POST['email'])); $name = trim($_POST['name']); if (strpos($email, '@')) { //todo - validate email. $sql = "SELECT * FROM `" . _DB_PREFIX . "user` u WHERE u.`email` LIKE '" . mysql_real_escape_string($email) . "'"; $from_user = qa1($sql); if ($from_user) { $from_user_id = $from_user['user_id']; // woo!! found a user. assign this customer to the ticket. if ($from_user['customer_id']) { $ticket_account['default_customer_id'] = $from_user['customer_id']; } } else { // create a user under this account customer. $default_customer_id = 0; if ($ticket_account && $ticket_account['default_customer_id']) { $default_customer_id = $ticket_account['default_customer_id']; } // create a new support user! go go! if (strlen($name)) { $bits = explode(' ', $name); $first_name = array_shift($bits); $last_name = implode(' ', $bits); } else { $first_name = $email; $last_name = ''; } $from_user = array('name' => $first_name, 'last_name' => $last_name, 'customer_id' => $default_customer_id, 'email' => $email, 'status_id' => 1, 'password' => substr(md5(time() . mt_rand(0, 600)), 3, 7)); global $plugins; $from_user_id = $plugins['user']->create_user($from_user); // todo: set the default role for this user // based on the settings /*}else{ echo 'Failed - no from accoutn set'; return; }*/ } if (!$from_user_id) { echo 'Failed - cannot find the from user id'; echo $email . ' to support<hr>'; return; } // what type of ticket is this? $public_types = $this->get_types(true); $ticket_type_id = $ticket_account['default_type']; if (isset($_POST['ticket_type_id']) && isset($public_types[$_POST['ticket_type_id']])) { $ticket_type_id = $_POST['ticket_type_id']; } // echo $ticket_type_id;exit; $ticket_data = array('user_id' => $from_user_id, 'force_logged_in_user_id' => $from_user_id, 'assigned_user_id' => $ticket_account['default_user_id'] ? $ticket_account['default_user_id'] : 0, 'ticket_type_id' => $ticket_type_id, 'customer_id' => $ticket_account['default_customer_id'], 'status_id' => 2, 'ticket_account_id' => $ticket_account_id, 'unread' => 1, 'subject' => $_POST['subject'], 'new_ticket_message' => $_POST['new_ticket_message'], 'ticket_extra' => isset($_POST['ticket_extra']) && is_array($_POST['ticket_extra']) ? $_POST['ticket_extra'] : array(), 'faq_product_id' => isset($_POST['faq_product_id']) ? (int) $_POST['faq_product_id'] : 0); if (isset($public_types[$ticket_type_id]) && isset($public_types[$ticket_type_id]['default_user_id']) && $public_types[$ticket_type_id]['default_user_id'] > 0) { $ticket_data['assigned_user_id'] = $public_types[$ticket_type_id]['default_user_id']; } if (module_config::c('ticket_allow_priority_selection', 0) && isset($_POST['priority'])) { $priorities = $this->get_ticket_priorities(); if (isset($priorities[$_POST['priority']])) { $ticket_data['priority'] = $_POST['priority']; } } $ticket_id = $this->save_ticket('new', $ticket_data); // check if they want a priority support if (isset($_POST['do_priority']) && $_POST['do_priority']) { // generate a "priority invoice" against this support ticket using the invoice module. // this will display the invoice in the sidebar and the user can pay. $this->generate_priority_invoice($ticket_id); } handle_hook('ticket_public_created', $ticket_id); // where to redirect? $url = module_config::c('ticket_public_new_redirect', ''); if (!$url) { $url = $this->link_public($ticket_id); } redirect_browser($url); } } $ticket = self::get_ticket($ticket_id); include 'public/ticket_customer_new.php'; break; case 'public_status': $ticket_id = isset($_REQUEST['i']) ? (int) $_REQUEST['i'] : false; $new_status_id = isset($_REQUEST['s']) ? (int) $_REQUEST['s'] : false; $hash = isset($_REQUEST['hash']) ? trim($_REQUEST['hash']) : false; if ($ticket_id && $new_status_id && $hash) { $correct_hash = $this->link_public_status($ticket_id, $new_status_id, true); if ($correct_hash == $hash) { // change the status. update_insert('ticket_id', $ticket_id, 'ticket', array('status_id' => $new_status_id)); module_template::init_template('ticket_status_change', '<h2>Ticket</h2> <p>Thank you. Your support ticket status has been adjusted.</p> <p>Please <a href="{TICKET_URL}">click here</a> to view your ticket.</p> ', 'Displayed after an external ticket status is changed.', 'code'); // correct! // load up the receipt template. $template = module_template::get_template_by_key('ticket_status_change'); $data = $this->get_ticket($ticket_id); $data['ticket_url'] = $this->link_public($ticket_id); $template->page_title = _l("Ticket"); $template->assign_values(self::get_replace_fields($ticket_id, $data)); $template->assign_values($data); echo $template->render('pretty_html'); } } exit; break; case 'public': $ticket_id = isset($_REQUEST['i']) ? (int) $_REQUEST['i'] : false; $hash = isset($_REQUEST['hash']) ? trim($_REQUEST['hash']) : false; if ($ticket_id && $hash) { $correct_hash = $this->link_public($ticket_id, true); if ($correct_hash == $hash) { // all good to print a receipt for this payment. $ticket = $this->get_ticket($ticket_id); if (isset($_POST['_process']) && $_POST['_process'] == 'send_public_ticket') { // user is saving the ticket. // process it! if (isset($_POST['new_ticket_message']) && strlen($_POST['new_ticket_message']) > 1) { // post a new reply to this message. // who are we replying to? // it's either a reply from the admin, or from the user via the web interface. $ticket_creator = $ticket['user_id']; $to_user_id = $ticket['assigned_user_id'] ? $ticket['assigned_user_id'] : module_config::c('ticket_default_user_id', 1); $ticket_message_id = $this->send_reply($ticket_id, $_POST['new_ticket_message'], $ticket_creator, $to_user_id, 'end_user'); /*$new_status_id = $ticket['status_id']; if($ticket['status_id']>=6){ // it's cancelled or resolved. }*/ $new_status_id = 5; if ($ticket_message_id) { // so we can track a history of ticket status changes update_insert("ticket_message_id", $ticket_message_id, "ticket_message", array('status_id' => $new_status_id)); } update_insert("ticket_id", $ticket_id, "ticket", array('unread' => 1, 'status_id' => $new_status_id)); } if (isset($_REQUEST['generate_priority_invoice'])) { $invoice_id = $this->generate_priority_invoice($ticket_id); redirect_browser(module_invoice::link_public($invoice_id)); } // where to redirect? $url = module_config::c('ticket_public_reply_redirect', ''); if (!$url) { $url = $this->link_public($ticket_id); } redirect_browser($url); } if ($ticket && $ticket['ticket_id'] == $ticket_id) { $admins_rel = self::get_ticket_staff_rel(); /*if(!isset($logged_in_user) || !$logged_in_user){ // we assume the user is on the public side. // use the creator id as the logged in id. $logged_in_user = module_security::get_loggedin_id(); }*/ // public hack, we are the ticket responder. $logged_in_user = $ticket['user_id']; $ticket_creator = $ticket['user_id']; if ($ticket_creator == $logged_in_user) { // we are sending a reply back to the admin, from the end user. $to_user_id = $ticket['assigned_user_id'] ? $ticket['assigned_user_id'] : module_config::c('ticket_default_user_id', 1); $from_user_id = $logged_in_user; } else { // we are sending a reply back to the ticket user. $to_user_id = $ticket['user_id']; $from_user_id = $logged_in_user; } $to_user_a = module_user::get_user($to_user_id, false); $from_user_a = module_user::get_user($from_user_id, false); if (isset($ticket['ticket_account_id']) && $ticket['ticket_account_id']) { $ticket_account = module_ticket::get_ticket_account($ticket['ticket_account_id']); } else { $ticket_account = false; } if ($ticket_account && $ticket_account['email']) { $reply_to_address = $ticket_account['email']; $reply_to_name = $ticket_account['name']; } else { // reply to creator. $reply_to_address = $from_user_a['email']; $reply_to_name = $from_user_a['name']; } if ($ticket_creator == $logged_in_user) { $send_as_name = $from_user_a['name']; $send_as_address = $from_user_a['email']; } else { $send_as_address = $reply_to_address; $send_as_name = $reply_to_name; } $admins_rel = self::get_ticket_staff_rel(); ob_start(); include 'public/ticket_customer_view.php'; $html = ob_get_clean(); module_template::init_template('external_ticket_public_view', '{TICKET_HTML}', 'Used when displaying the external view of a ticket to the customer.', 'code'); $template = module_template::get_template_by_key('external_ticket_public_view'); $template->assign_values(array('ticket_html' => $html)); $template->page_title = _l('Ticket: %s', module_ticket::ticket_number($ticket['ticket_id'])); echo $template->render('pretty_html'); exit; } else { _e('Permission Denied. Please logout and try again.'); } } } break; } }