/** * Builds a page with form for edit operator's permissions. * * @param Request $request Incoming request. * @return string Rendered page content. * @throws NotFoundException If the operator with specified ID is not found * in the system. */ public function showFormAction(Request $request) { $operator = $this->getOperator(); $op_id = $request->attributes->get('operator_id'); $page = array('opid' => $op_id, 'canmodify' => is_capable(CAN_ADMINISTRATE, $operator) ? '1' : '', 'errors' => array()); $op = operator_by_id($op_id); if (!$op) { throw new NotFoundException('The operator is not found.'); } // Check if the target operator exists $page['currentop'] = $op ? get_operator_name($op) . ' (' . $op['vclogin'] . ')' : getlocal('-not found-'); // Build list of permissions which belongs to the target operator. $checked_permissions = array(); foreach (permission_ids() as $perm => $id) { if (is_capable($perm, $op)) { $checked_permissions[] = $id; } } // Build list of all available permissions $page['permissionsList'] = array(); foreach (get_permission_list() as $perm) { $perm['checked'] = in_array($perm['id'], $checked_permissions); $page['permissionsList'][] = $perm; } $page['stored'] = $request->query->has('stored'); $page['title'] = getlocal('Permissions'); $page['menuid'] = $operator['operatorid'] == $op_id ? 'profile' : 'operators'; $page = array_merge($page, prepare_menu($operator)); $page['tabs'] = $this->buildTabs($request); return $this->render('operator_permissions', $page); }
/** * Builds a page with form for edit operator's groups. * * @param Request $request Incoming request. * @return string Rendered page content. * @throws NotFoundException If the operator with specified ID is not found * in the system. */ public function showFormAction(Request $request) { $operator = $this->getOperator(); $operator_in_isolation = in_isolation($operator); $op_id = $request->attributes->getInt('operator_id'); // Check if the target user exists $op = operator_by_id($op_id); if (!$op) { throw new NotFoundException('The operator is not found.'); } $page = array('opid' => $op_id, 'errors' => array()); $groups = $operator_in_isolation ? get_groups_for_operator($operator) : get_all_groups(); $can_modify = is_capable(CAN_ADMINISTRATE, $operator); $page['currentop'] = $op ? get_operator_name($op) . ' (' . $op['vclogin'] . ')' : getlocal('-not found-'); $page['canmodify'] = $can_modify ? '1' : ''; // Get IDs of groups the operator belongs to. $checked_groups = array(); if ($op) { $checked_groups = get_operator_group_ids($op_id); } // Get all available groups $page['groups'] = array(); foreach ($groups as $group) { $group['vclocalname'] = $group['vclocalname']; $group['vclocaldescription'] = $group['vclocaldescription']; $group['checked'] = in_array($group['groupid'], $checked_groups); $page['groups'][] = $group; } $page['stored'] = $request->query->has('stored'); $page['title'] = getlocal('Operator groups'); $page['menuid'] = $operator['operatorid'] == $op_id ? 'profile' : 'operators'; $page = array_merge($page, prepare_menu($operator)); $page['tabs'] = $this->buildTabs($request); return $this->render('operator_groups', $page); }
function thread_to_xml($thread, $link) { global $state_chatting, $threadstate_to_string, $threadstate_key, $mibew_encoding, $operator, $settings, $can_viewthreads, $can_takeover, $mysqlprefix; $state = $threadstate_to_string[$thread['istate']]; $result = "<thread id=\"" . safe_htmlspecialchars(safe_htmlspecialchars($thread['threadid'])) . "\" stateid=\"{$state}\""; if ($state == "closed") { return $result . "/>"; } $state = getstring($threadstate_key[$thread['istate']]); $nextagent = $thread['nextagent'] != 0 ? operator_by_id_($thread['nextagent'], $link) : null; $threadoperator = $nextagent ? get_operator_name($nextagent) : ($thread['agentName'] ? $thread['agentName'] : "-"); if ($threadoperator == "-" && $thread['groupname']) { $threadoperator = "- " . $thread['groupname'] . " -"; } if (!($thread['istate'] == $state_chatting && $thread['agentId'] != $operator['operatorid'] && !is_capable($can_takeover, $operator))) { $result .= " canopen=\"true\""; } if ($thread['agentId'] != $operator['operatorid'] && $thread['nextagent'] != $operator['operatorid'] && is_capable($can_viewthreads, $operator)) { $result .= " canview=\"true\""; } if ($settings['enableban'] == "1") { $result .= " canban=\"true\""; } $banForThread = $settings['enableban'] == "1" ? ban_for_addr_($thread['remote'], $link) : false; if ($banForThread) { $result .= " ban=\"blocked\" banid=\"" . safe_htmlspecialchars(safe_htmlspecialchars($banForThread['banid'])) . "\""; } $result .= " state=\"{$state}\" typing=\"" . safe_htmlspecialchars(safe_htmlspecialchars($thread['userTyping'])) . "\">"; $result .= "<name>"; if ($banForThread) { $result .= safe_htmlspecialchars(getstring('chat.client.spam.prefix')); } $result .= safe_htmlspecialchars(safe_htmlspecialchars(get_user_name($thread['userName'], $thread['remote'], $thread['userid']))) . "</name>"; $result .= "<addr>" . safe_htmlspecialchars(get_user_addr($thread['remote'])) . "</addr>"; $result .= "<agent>" . safe_htmlspecialchars(safe_htmlspecialchars($threadoperator)) . "</agent>"; $result .= "<time>" . safe_htmlspecialchars(safe_htmlspecialchars($thread['unix_timestamp(dtmcreated)'])) . "000</time>"; $result .= "<modified>" . safe_htmlspecialchars(safe_htmlspecialchars($thread['unix_timestamp(dtmmodified)'])) . "000</modified>"; if ($banForThread) { $result .= "<reason>" . safe_htmlspecialchars(safe_htmlspecialchars($banForThread['comment'])) . "</reason>"; } $userAgent = get_useragent_version($thread['userAgent']); $result .= "<useragent>" . safe_htmlspecialchars($userAgent) . "</useragent>"; if ($thread["shownmessageid"] != 0) { $query = "select tmessage from {$mysqlprefix}chatmessage where messageid = " . intval($thread["shownmessageid"]); $line = select_one_row($query, $link); if ($line) { $message = preg_replace("/[\r\n\t]+/", " ", $line["tmessage"]); $result .= "<message>" . safe_htmlspecialchars(safe_htmlspecialchars($message)) . "</message>"; } } $result .= "</thread>"; return $result; }
/** * Generates a page for the first step of password recovery process. * * @param Request $request * @return string Rendered page content */ public function indexAction(Request $request) { if ($this->getOperator()) { // If the operator is logged in just redirect him to the home page. return $this->redirect($request->getUriForPath('/operator')); } $page = array('version' => MIBEW_VERSION, 'title' => getlocal('Trouble Accessing Your Account?'), 'headertitle' => getlocal('Mibew Messenger'), 'show_small_login' => true, 'fixedwrap' => true, 'errors' => array()); $login_or_email = ''; if ($request->isMethod('POST')) { // When HTTP GET method is used the form is just rendered but the // user does not pass any data. Thus we need to prevent CSRF attacks // only for POST requests csrf_check_token($request); } if ($request->isMethod('POST') && $request->request->has('loginoremail')) { $login_or_email = $request->request->get('loginoremail'); $to_restore = MailUtils::isValidAddress($login_or_email) ? operator_by_email($login_or_email) : operator_by_login($login_or_email); if (!$to_restore) { $page['errors'][] = getlocal('No such Operator'); } $email = $to_restore['vcemail']; if (count($page['errors']) == 0 && !MailUtils::isValidAddress($email)) { $page['errors'][] = "Operator hasn't set his e-mail"; } if (count($page['errors']) == 0) { $token = sha1($to_restore['vclogin'] . (function_exists('openssl_random_pseudo_bytes') ? openssl_random_pseudo_bytes(32) : time() + microtime() . mt_rand(0, 99999999))); // Update the operator $to_restore['dtmrestore'] = time(); $to_restore['vcrestoretoken'] = $token; update_operator($to_restore); $href = $this->getRouter()->generate('password_recovery_reset', array('id' => $to_restore['operatorid'], 'token' => $token), UrlGeneratorInterface::ABSOLUTE_URL); // Load mail templates and substitute placeholders there. $mail_template = MailTemplate::loadByName('password_recovery', get_current_locale()); if (!$mail_template) { throw new \RuntimeException('Cannot load "password_recovery" mail template'); } $this->sendMail(MailUtils::buildMessage($email, $email, $mail_template->buildSubject(), $mail_template->buildBody(array(get_operator_name($to_restore), $href)))); $page['isdone'] = true; return $this->render('password_recovery', $page); } } $page['formloginoremail'] = $login_or_email; $page['localeLinks'] = get_locale_links(); $page['isdone'] = false; return $this->render('password_recovery', $page); }
/** * Generates a page with statistics info. * * @param Request $request * @return string Rendered page content */ public function indexAction(Request $request) { $operator = $this->getOperator(); $statistics_type = $request->attributes->get('type'); $page = array(); $page['operator'] = get_operator_name($operator); $page['availableDays'] = range(1, 31); $page['availableMonth'] = get_month_selection(time() - 400 * 24 * 60 * 60, time() + 50 * 24 * 60 * 60); $page['showresults'] = false; $page['type'] = $statistics_type; $page['showbydate'] = $statistics_type == self::TYPE_BY_DATE; $page['showbyagent'] = $statistics_type == self::TYPE_BY_OPERATOR; $page['showbypage'] = $statistics_type == self::TYPE_BY_PAGE; $cron_uri = $this->generateUrl('cron', array('cron_key' => Settings::get('cron_key')), UrlGeneratorInterface::ABSOLUTE_URL); $page['pageDescription'] = getlocal('From this page you can generate a variety of usage reports. Last time statistics was calculated {0}. You can calculate it <a href="{1}" target="_blank">manually</a>.', array(date_to_text(Settings::get('_last_cron_run')), $cron_uri)); $page['show_invitations_info'] = (bool) Settings::get('enabletracking'); $page['errors'] = array(); // Get and validate time interval $time_interval = $this->extractTimeInterval($request); $start = $time_interval['start']; $end = $time_interval['end']; if ($start > $end) { $page['errors'][] = getlocal('You have selected From date after Till date'); } $page = array_merge($page, set_form_date($start, 'start'), set_form_date($end - 24 * 60 * 60, 'end')); // Get statistics info if ($statistics_type == self::TYPE_BY_DATE) { $statistics = get_by_date_statistics($start, $end); $page['reportByDate'] = $statistics['records']; $page['reportByDateTotal'] = $statistics['total']; } elseif ($statistics_type == self::TYPE_BY_OPERATOR) { $page['reportByAgent'] = get_by_operator_statistics($start, $end); } elseif ($statistics_type == self::TYPE_BY_PAGE) { $page['reportByPage'] = get_by_page_statistics($start, $end); } $page['showresults'] = count($page['errors']) == 0; $page['title'] = getlocal("Statistics"); $page['menuid'] = "statistics"; $page = array_merge($page, prepare_menu($operator)); $page['tabs'] = $this->buildTabs($request); return $this->render('statistics', $page); }
/** * Invite visitor by operator * * Triggers {@link \Mibew\EventDispatcher\Events::INVITATION_CREATE} event. * * @param int $visitor_id ID of the visitor, who must be invited. * @param array $operator Info for operator who invite the visitor * @return Thread|boolean Thread object related with invitation or boolean * false on failure */ function invitation_invite($visitor_id, $operator) { // Check if visitor already invited $invitation_state = invitation_state($visitor_id); if ($invitation_state['invited']) { return false; } // Get visitor info $visitor = track_get_visitor_by_id($visitor_id); // Get last page visited by the visitor $visitor_path = track_get_path($visitor); ksort($visitor_path); $last_visited_page = array_pop($visitor_path); // Get visitor details $visitor_details = track_retrieve_details($visitor); // Get some operator's info $operator_name = get_operator_name($operator); // Create thread for invitation $thread = new Thread(); // Populate thread and save it $thread->agentId = $operator['operatorid']; $thread->agentName = $operator_name; $thread->userName = $visitor['username']; $thread->remote = $visitor_details['remote_host']; $thread->referer = $last_visited_page; // User's locale is unknown, set operator locale to the thread $thread->locale = get_current_locale(); $thread->userId = $visitor['userid']; $thread->userAgent = $visitor_details['user_agent']; $thread->state = Thread::STATE_INVITED; $thread->invitationState = Thread::INVITATION_WAIT; $thread->save(); $db = Database::getInstance(); $db->query("UPDATE {sitevisitor} set " . "invitations = invitations + 1, " . "threadid = :thread_id " . "WHERE visitorid = :visitor_id", array(':thread_id' => $thread->id, ':visitor_id' => $visitor_id)); // Send some messages $thread->postMessage(Thread::KIND_FOR_AGENT, getlocal('Operator {0} invites visitor at {1} page', array($operator_name, $last_visited_page), get_current_locale(), true)); $thread->postMessage(Thread::KIND_AGENT, getlocal('Hello, how can I help you?', null, get_current_locale(), true), array('name' => $operator_name, 'operator_id' => $operator['operatorid'])); // Let plugins know about the invitation. $args = array('invitation' => $thread); EventDispatcher::getInstance()->triggerEvent(Events::INVITATION_CREATE, $args); return $thread; }
/** * Builds a page with form for edit operator's avatar. * * @param Request $request incoming request. * @return string Rendered page content. * @throws NotFoundException If the operator with specified ID is not found * in the system. */ public function showFormAction(Request $request) { $operator = $this->getOperator(); $op_id = $request->attributes->get('operator_id'); $page = array('opid' => $op_id, 'errors' => $request->attributes->get('errors', array())); $can_modify = $op_id == $operator['operatorid'] && is_capable(CAN_MODIFYPROFILE, $operator) || is_capable(CAN_ADMINISTRATE, $operator); // Try to load the target operator. $op = operator_by_id($op_id); if (!$op) { throw new NotFoundException('The operator is not found'); } $page['avatar'] = $op['vcavatar'] ? $this->asset($op['vcavatar']) : ''; $page['currentop'] = $op ? get_operator_name($op) . ' (' . $op['vclogin'] . ')' : getlocal('-not found-'); $page['canmodify'] = $can_modify ? '1' : ''; $page['title'] = getlocal('Upload photo'); $page['menuid'] = $operator['operatorid'] == $op_id ? 'profile' : 'operators'; $page = array_merge($page, prepare_menu($operator)); $page['tabs'] = $this->buildTabs($request); return $this->render('operator_avatar', $page); }
/** * Redirects a chat thread to the operator with the specified ID. * * @param \Mibew\Thread $thread Chat thread to redirect. * @param int $group_id ID of the target operator. * @return boolean True if the thread was redirected and false on failure. */ protected function redirectToOperator(Thread $thread, $operator_id) { if ($thread->state != Thread::STATE_CHATTING) { // We can redirect only threads which are in proggress now. return false; } // Redirect the thread $thread->state = Thread::STATE_WAITING; $thread->nextAgent = $operator_id; $thread->agentId = 0; // Check if the target operator belongs to the current thread's group. // If not reset the current thread's group. if ($thread->groupId != 0) { $db = Database::getInstance(); list($groups_count) = $db->query("SELECT count(*) AS count " . "FROM {operatortoopgroup} " . "WHERE operatorid = ? AND groupid = ?", array($operator_id, $thread->groupId), array('return_rows' => Database::RETURN_ONE_ROW, 'fetch_type' => Database::FETCH_NUM)); if ($groups_count === 0) { $thread->groupId = 0; } } $thread->save(); // Send notification message $thread->postMessage(Thread::KIND_EVENTS, getlocal('Operator {0} redirected you to another operator. Please wait a while.', array(get_operator_name($this->getOperator())), $thread->locale, true)); return true; }
$errors = array(); $page = array('version' => $version); $loginoremail = ""; if (isset($_POST['loginoremail'])) { $loginoremail = getparam("loginoremail"); $torestore = is_valid_email($loginoremail) ? operator_by_email($loginoremail) : operator_by_login($loginoremail); if (!$torestore) { $errors[] = getlocal("no_such_operator"); } $email = $torestore['vcemail']; if (count($errors) == 0 && !is_valid_email($email)) { $errors[] = "Operator hasn't set his e-mail"; } if (count($errors) == 0) { $token = md5(time() + microtime() . rand(0, 99999999)); $link = connect(); $query = "update {$mysqlprefix}chatoperator set dtmrestore = CURRENT_TIMESTAMP, vcrestoretoken = '{$token}' where operatorid = " . $torestore['operatorid']; perform_query($query, $link); $href = get_app_location(true, false) . "/operator/resetpwd.php?id=" . $torestore['operatorid'] . "&token={$token}"; webim_mail($email, $email, getstring("restore.mailsubj"), getstring2("restore.mailtext", array(get_operator_name($torestore), $href)), $link); mysql_close($link); $page['isdone'] = true; require '../view/restore.php'; exit; } } $page['formloginoremail'] = topage($loginoremail); $page['localeLinks'] = get_locale_links("{$webimroot}/operator/restore.php"); $page['isdone'] = false; start_html_output(); require '../view/restore.php';
/** * Prepare values to render page menu. * * @param array $operator An array with operators data. * @param boolean $has_right Restricts access to menu items. If it equals to * FALSE only "Home", "Visitors", and "Chat history" items will be displayed. * Otherwise items set depends on operator's permissions and system settings. * Default value is TRUE. * @return array */ function prepare_menu($operator, $has_right = true) { $result = array(); $result['showMenu'] = true; $result['operator'] = get_operator_name($operator); if ($has_right) { $result['showban'] = Settings::get('enableban') == "1"; $result['showstat'] = Settings::get('enablestatistics') == "1"; $result['showadmin'] = is_capable(CAN_ADMINISTRATE, $operator); $result['currentopid'] = $operator['operatorid']; } return $result; }
function prepare_menu($operator, $hasright = true) { global $page, $settings, $can_administrate, $can_viewnotifications; $page['operator'] = topage(get_operator_name($operator)); if ($hasright) { loadsettings(); $page['showban'] = $settings['enableban'] == "1"; $page['showgroups'] = $settings['enablegroups'] == "1"; $page['showstat'] = $settings['enablestatistics'] == "1"; $page['shownotifications'] = is_capable($can_viewnotifications, $operator); $page['showadmin'] = is_capable($can_administrate, $operator); $page['currentopid'] = $operator['operatorid']; } }
$errors[] = getlocal("chat.redirect.unknown_group"); } } else { $nextid = verifyparam("nextAgent", "/^\\d{1,10}\$/"); $nextOperator = operator_by_id($nextid); if ($nextOperator) { $page['message'] = getlocal2("chat.redirected.content", array(safe_htmlspecialchars(topage(get_operator_name($nextOperator))))); if ($thread['istate'] == $state_chatting) { $link = connect(); $threadupdate = array("istate" => intval($state_waiting), "nextagent" => intval($nextid), "agentId" => 0); if ($thread['groupid'] != 0) { if (FALSE === select_one_row("select groupid from {$mysqlprefix}chatgroupoperator where operatorid = " . intval($nextid) . " and groupid = " . intval($thread['groupid']), $link)) { $threadupdate['groupid'] = 0; } } commit_thread($threadid, $threadupdate, $link); post_message_($thread['threadid'], $kind_events, getstring2_("chat.status.operator.redirect", array(get_operator_name($operator)), $thread['locale'], true), $link); mysql_close($link); } else { $errors[] = getlocal("chat.redirect.cannot"); } } else { $errors[] = getlocal("chat.redirect.unknown_operator"); } } setup_logo(); if (count($errors) > 0) { expand("../styles", getchatstyle(), "error.tpl"); } else { expand("../styles", getchatstyle(), "redirected.tpl"); }
* * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ require_once '../libs/common.php'; require_once '../libs/chat.php'; require_once '../libs/operator.php'; $operator = check_login(); setlocale(LC_TIME, getstring("time.locale")); $page = array(); $page['operator'] = topage(get_operator_name($operator)); $page['availableDays'] = range(1, 31); $page['availableMonth'] = get_month_selection(time() - 400 * 24 * 60 * 60, time() + 50 * 24 * 60 * 60); $page['showresults'] = false; $errors = array(); if (isset($_GET['startday'])) { $startday = verifyparam("startday", "/^\\d+\$/"); $startmonth = verifyparam("startmonth", "/^\\d{2}.\\d{2}\$/"); $endday = verifyparam("endday", "/^\\d+\$/"); $endmonth = verifyparam("endmonth", "/^\\d{2}.\\d{2}\$/"); $start = get_form_date($startday, $startmonth); $end = get_form_date($endday, $endmonth) + 24 * 60 * 60; } else { $curr = getdate(time()); if ($curr['mday'] < 7) { // previous month
/** * Start chat thread for user * * @param int $group_id Id of group related to thread * @param array $requested_operator Array of requested operator info * @param string $visitor_id Id of the visitor * @param string $visitor_name Name of the visitor * @param string $referrer Page user came from * @param string $info User info * * @return Thread thread object */ function chat_start_for_user($group_id, $requested_operator, $visitor_id, $visitor_name, $referrer, $info) { // Get user info $remote_host = get_remote_host(); $user_browser = $_SERVER['HTTP_USER_AGENT']; // Check connection limit if (Thread::connectionLimitReached($remote_host)) { die("number of connections from your IP is exceeded, try again later"); } // Check if visitor was invited to chat $is_invited = false; if (Settings::get('enabletracking')) { $invitation_state = invitation_state($_SESSION[SESSION_PREFIX . 'visitorid']); if ($invitation_state['invited']) { $is_invited = true; } } // Get info about requested operator $requested_operator_online = false; if ($requested_operator) { $requested_operator_online = is_operator_online($requested_operator['operatorid']); } // Get thread object if ($is_invited) { // Get thread from invitation $thread = invitation_accept($_SESSION[SESSION_PREFIX . 'visitorid']); if (!$thread) { die("Cannot start thread"); } } else { // Create thread $thread = new Thread(); $thread->state = Thread::STATE_LOADING; $thread->agentId = 0; if ($requested_operator && $requested_operator_online) { $thread->nextAgent = $requested_operator['operatorid']; } } // Update thread fields $thread->groupId = $group_id; $thread->userName = $visitor_name; $thread->remote = $remote_host; $thread->referer = $referrer; $thread->locale = get_current_locale(); $thread->userId = $visitor_id; $thread->userAgent = $user_browser; $thread->save(); $_SESSION[SESSION_PREFIX . 'threadid'] = $thread->id; // Store own thread ids to restrict access for other people if (!isset($_SESSION[SESSION_PREFIX . 'own_threads'])) { $_SESSION[SESSION_PREFIX . 'own_threads'] = array(); } $_SESSION[SESSION_PREFIX . 'own_threads'][] = $thread->id; // Bind thread to the visitor if (Settings::get('enabletracking')) { track_visitor_bind_thread($visitor_id, $thread); } // Send several messages if ($is_invited) { $operator = operator_by_id($thread->agentId); $operator_name = get_operator_name($operator); $thread->postMessage(Thread::KIND_FOR_AGENT, getlocal('Visitor accepted invitation from operator {0}', array($operator_name), get_current_locale(), true)); } else { if ($referrer) { $thread->postMessage(Thread::KIND_FOR_AGENT, getlocal('Vistor came from page {0}', array($referrer), get_current_locale(), true)); } if ($requested_operator && !$requested_operator_online) { $thread->postMessage(Thread::KIND_INFO, getlocal('Thank you for contacting us. We are sorry, but requested operator <strong>{0}</strong> is offline. Another operator will be with you shortly.', array(get_operator_name($requested_operator)), get_current_locale(), true)); } else { $thread->postMessage(Thread::KIND_INFO, getlocal('Thank you for contacting us. An operator will be with you shortly.', null, get_current_locale(), true)); } } // TODO: May be move sending this message somewhere else? if ($info) { $thread->postMessage(Thread::KIND_FOR_AGENT, getlocal('Info: {0}', array($info), get_current_locale(), true)); } // Let plugins know that user is ready to chat. $dispatcher = EventDispatcher::getInstance(); $event_args = array('thread' => $thread); $dispatcher->triggerEvent(Events::THREAD_USER_IS_READY, $event_args); return $thread; }
if (verifyparam("permissions{$id}", "/^on\$/", "") == "on") { $new_permissions |= 1 << $perm; } else { $new_permissions &= ~(1 << $perm); } } if (count($errors) == 0) { update_operator_permissions($op['operatorid'], $new_permissions); if ($opId && $_SESSION["{$mysqlprefix}operator"] && $operator['operatorid'] == $opId) { $_SESSION["{$mysqlprefix}operator"]['iperm'] = $new_permissions; } header("Location: {$webimroot}/operator/permissions.php?op={$opId}&stored"); exit; } } } $page['permissionsList'] = get_permission_list(); $page['formpermissions'] = array(""); $page['currentop'] = $op ? topage(get_operator_name($op)) . " (" . $op['vclogin'] . ")" : "-not found-"; if ($op) { foreach ($permission_ids as $perm => $id) { if (is_capable($perm, $op)) { $page['formpermissions'][] = $id; } } } $page['stored'] = isset($_GET['stored']); prepare_menu($operator); setup_operator_settings_tabs($opId, 3); start_html_output(); require '../view/permissions.php';
if (verifyparam("permissions{$id}", "/^on\$/", "") == "on") { $new_permissions |= 1 << $perm; } else { $new_permissions &= ~(1 << $perm); } } if (count($errors) == 0) { update_operator_permissions($op['operatorid'], $new_permissions); if ($opId && $_SESSION["{$mysqlprefix}operator"] && $operator['operatorid'] == $opId) { $_SESSION["{$mysqlprefix}operator"]['iperm'] = $new_permissions; } header("Location: {$mibewroot}/operator/permissions.php?op=" . intval($opId) . "&stored"); exit; } } } $page['permissionsList'] = get_permission_list(); $page['formpermissions'] = array(""); $page['currentop'] = $op ? topage(get_operator_name($op)) . " (" . $op['vclogin'] . ")" : getlocal('page_agent.not_found'); if ($op) { foreach ($permission_ids as $perm => $id) { if (is_capable($perm, $op)) { $page['formpermissions'][] = $id; } } } $page['stored'] = isset($_GET['stored']); prepare_menu($operator); setup_operator_settings_tabs($opId, 3); start_html_output(); require '../view/permissions.php';
/** * Return updated visitors list. API function. * * Triggers * {@link \Mibew\EventDispatcher\Events::USERS_UPDATE_VISITORS_LOAD} and * {@link \Mibew\EventDispatcher\Events::USERS_UPDATE_VISITORS_ALTER} * events. * * @param array $args Associative array of arguments. It must contains the * following keys: * - 'agentId': Id of the agent related to users window * * @return array Array of results. It contains the following keys: * - 'visitors': array of visitors on the site */ protected function apiUpdateVisitors($args) { // Check access $this->checkOperator($args['agentId']); // Close old invitations invitation_close_old(); // Remove old visitors track_remove_old_visitors(); // Get instance of event dispatcher $dispatcher = EventDispatcher::getInstance(); // Trigger load event $arguments = array('visitors' => false); $dispatcher->triggerEvent(Events::USERS_UPDATE_VISITORS_LOAD, $arguments); // Check if visiors list loaded by plugins if (!is_array($arguments['visitors'])) { // Load visitors list $db = Database::getInstance(); // Load visitors $query = "SELECT v.visitorid, " . "v.userid, " . "v.username, " . "v.firsttime, " . "v.lasttime, " . "v.entry, " . "v.details, " . "t.invitationstate, " . "t.dtmcreated AS invitationtime, " . "t.agentId AS invitedby, " . "v.invitations, " . "v.chats " . "FROM {sitevisitor} v " . "LEFT OUTER JOIN {thread} t " . "ON t.threadid = v.threadid " . "WHERE v.threadid IS NULL " . "OR (t.istate = :state_invited " . "AND t.invitationstate = :invitation_wait)" . "ORDER BY t.invitationstate, v.lasttime DESC, v.invitations"; $query .= Settings::get('visitors_limit') == '0' ? "" : " LIMIT " . Settings::get('visitors_limit'); $rows = $db->query($query, array(':state_invited' => Thread::STATE_INVITED, ':invitation_wait' => Thread::INVITATION_WAIT), array('return_rows' => Database::RETURN_ALL_ROWS)); $visitors = array(); foreach ($rows as $row) { // Get visitor details $details = track_retrieve_details($row); // Get user agent $user_agent = get_user_agent_version($details['user_agent']); // Get user ip if (preg_match("/(\\d+\\.\\d+\\.\\d+\\.\\d+)/", $details['remote_host'], $matches) != 0) { $user_ip = $matches[1]; } else { $user_ip = false; } // Get invitation info $row['invited'] = $row['invitationstate'] == Thread::INVITATION_WAIT; if ($row['invited']) { $agent_name = get_operator_name(operator_by_id($row['invitedby'])); $invitation_info = array('time' => $row['invitationtime'], 'agentName' => $agent_name); } else { $invitation_info = false; } // Create resulting visitor structure $visitors[] = array('id' => (int) $row['visitorid'], 'userId' => $row['userid'], 'userName' => $row['username'], 'userAgent' => $user_agent, 'userIp' => $user_ip, 'remote' => $details['remote_host'], 'firstTime' => $row['firsttime'], 'lastTime' => $row['lasttime'], 'invitations' => (int) $row['invitations'], 'chats' => (int) $row['chats'], 'invitationInfo' => $invitation_info); } } else { $visitors = $arguments['visitors']; } // Provide ability to alter visitors list $arguments = array('visitors' => $visitors); $dispatcher->triggerEvent(Events::USERS_UPDATE_VISITORS_ALTER, $arguments); // Send results back to the client. "array_values" function should be // used to avoid problems with JSON conversion. If there will be gaps in // keys (the keys are not serial) JSON Object will be produced instead // of an Array. return array('visitors' => array_values($arguments['visitors'])); }