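/**
 * Validate and persist an agent (staff) record.
 *
 * Runs every field check, refuses to demote or deactivate the last active
 * administrator, then INSERTs (when $id is falsy) or UPDATEs (when $id is
 * set) the STAFF_TABLE row. Every value that reaches the SQL string passes
 * through db_input(); the phone and mobile columns call db_input() with
 * quoting disabled and are wrapped in double quotes by hand instead.
 *
 * @param int|string|null $id     staff_id to update, or falsy to create a new row
 * @param array           $vars   submitted fields (by value; defaults are applied locally)
 * @param array           $errors filled with field => message on failure (by reference)
 * @return bool|int true on a successful update, the new staff_id on a
 *                  successful insert, false when validation or the query fails
 */
function save($id, $vars, &$errors) {
    // Optional fields may be absent from the submission; give them an empty
    // default so the checks below do not raise undefined-index notices. An
    // empty string is falsy, so every truthiness test behaves as before.
    // isadmin/isactive are deliberately not defaulted: the lock-out guard
    // compares them strictly and they reach db_input() unvalidated, so their
    // original value (present or not) is preserved.
    $optional = array('id', 'username', 'firstname', 'lastname', 'email',
        'phone', 'phone_ext', 'mobile', 'passwd1', 'passwd2', 'backend',
        'welcome_email', 'signature', 'notes', 'dept_id', 'group_id',
        'timezone_id');
    foreach ($optional as $key) {
        if (!isset($vars[$key])) {
            $vars[$key] = '';
        }
    }

    $vars['username']  = Format::striptags($vars['username']);
    $vars['firstname'] = Format::striptags($vars['firstname']);
    $vars['lastname']  = Format::striptags($vars['lastname']);

    // The id carried in the form must match the row we were asked to update.
    if ($id && $id != $vars['id']) {
        $errors['err'] = __('Internal Error');
    }

    if (!$vars['firstname']) {
        $errors['firstname'] = __('First name required');
    }
    if (!$vars['lastname']) {
        $errors['lastname'] = __('Last name required');
    }

    // Validator::is_username() may leave a specific reason in $error.
    $error = '';
    if (!$vars['username'] || !Validator::is_username($vars['username'], $error)) {
        $errors['username'] = $error ? $error : __('Username is required');
    } elseif (($uid = Staff::getIdByUsername($vars['username'])) && $uid != $id) {
        $errors['username'] = __('Username already in use');
    }

    // The address must be well-formed, must not be a system mailbox, and
    // must not already belong to a different agent.
    if (!$vars['email'] || !Validator::is_valid_email($vars['email'])) {
        $errors['email'] = __('Valid email is required');
    } elseif (Email::getIdByEmail($vars['email'])) {
        $errors['email'] = __('Already in use system email');
    } elseif (($uid = Staff::getIdByEmail($vars['email'])) && $uid != $id) {
        $errors['email'] = __('Email already in use by another agent');
    }

    if ($vars['phone'] && !Validator::is_phone($vars['phone'])) {
        $errors['phone'] = __('Valid phone number is required');
    }
    if ($vars['mobile'] && !Validator::is_phone($vars['mobile'])) {
        $errors['mobile'] = __('Valid phone number is required');
    }

    // Password rules apply when either password field was filled in or when
    // a new agent is being created. A non-local auth backend or a welcome
    // email makes the password optional.
    if ($vars['passwd1'] || $vars['passwd2'] || !$id) {
        if ($vars['passwd1'] && strcmp($vars['passwd1'], $vars['passwd2'])) {
            $errors['passwd2'] = __('Passwords do not match');
        } elseif ($vars['backend'] != 'local' || $vars['welcome_email']) {
            // Password can be omitted
        } elseif (!$vars['passwd1'] && !$id) {
            $errors['passwd1'] = __('Temporary password is required');
            $errors['temppasswd'] = __('Required');
        } elseif ($vars['passwd1'] && strlen($vars['passwd1']) < 6) {
            // Byte length, not character count; only a lower bound is enforced.
            $errors['passwd1'] = __('Password must be at least 6 characters');
        }
    }

    if (!$vars['dept_id']) {
        $errors['dept_id'] = __('Department is required');
    }
    if (!$vars['group_id']) {
        $errors['group_id'] = __('Group is required');
    }
    if (!$vars['timezone_id']) {
        $errors['timezone_id'] = __('Time zone selection is required');
    }

    // Ensure we will still have an administrator with access: when this
    // submission would demote or deactivate the row and that row is the
    // single active admin, refuse the save. If the count query itself
    // fails the guard is skipped (fail-open) and the write goes ahead.
    if ($vars['isadmin'] !== '1' || $vars['isactive'] !== '1') {
        $sql = 'select count(*), max(staff_id) from ' . STAFF_TABLE
             . ' WHERE isadmin=1 and isactive=1';
        if (($res = db_query($sql)) && (list($count, $sid) = db_fetch_row($res))) {
            if ($count == 1 && $sid == $id) {
                $errors['isadmin'] = __('Cowardly refusing to remove or lock out the only active administrator');
            }
        }
    }

    if ($errors) {
        return false;
    }

    // Checkbox-style flags are stored as 1 when the key is present at all,
    // regardless of its value.
    $sql = 'SET updated=NOW() '
         . ' ,isadmin=' . db_input($vars['isadmin'])
         . ' ,isactive=' . db_input($vars['isactive'])
         . ' ,isvisible=' . db_input(isset($vars['isvisible']) ? 1 : 0)
         . ' ,onvacation=' . db_input(isset($vars['onvacation']) ? 1 : 0)
         . ' ,assigned_only=' . db_input(isset($vars['assigned_only']) ? 1 : 0)
         . ' ,dept_id=' . db_input($vars['dept_id'])
         . ' ,group_id=' . db_input($vars['group_id'])
         . ' ,timezone_id=' . db_input($vars['timezone_id'])
         . ' ,daylight_saving=' . db_input(isset($vars['daylight_saving']) ? 1 : 0)
         // NOTE(review): this fragment was corrupted in the copy under review;
         // reconstructed to follow the same db_input() pattern as its neighbours.
         . ' ,username=' . db_input($vars['username'])
         . ' ,firstname=' . db_input($vars['firstname'])
         . ' ,lastname=' . db_input($vars['lastname'])
         . ' ,email=' . db_input($vars['email'])
         . ' ,backend=' . db_input($vars['backend'])
         . ' ,phone="' . db_input(Format::phone($vars['phone']), false) . '"'
         . ' ,phone_ext=' . db_input($vars['phone_ext'])
         . ' ,mobile="' . db_input(Format::phone($vars['mobile']), false) . '"'
         . ' ,signature=' . db_input(Format::sanitize($vars['signature']))
         . ' ,notes=' . db_input(Format::sanitize($vars['notes']));

    // Only a freshly supplied password is (re)hashed and written. The
    // change_passwd flag is set alongside a new password when requested,
    // and cleared when no password is given and the flag is absent.
    if ($vars['passwd1']) {
        $sql .= ' ,passwd=' . db_input(Passwd::hash($vars['passwd1']));
        if (isset($vars['change_passwd'])) {
            $sql .= ' ,change_passwd=1';
        }
    } elseif (!isset($vars['change_passwd'])) {
        $sql .= ' ,change_passwd=0';
    }

    if ($id) {
        $sql = 'UPDATE ' . STAFF_TABLE . ' ' . $sql . ' WHERE staff_id=' . db_input($id);
        // db_affected_rows() must be non-zero for success; updated=NOW() is
        // always written, so an otherwise identical row still counts.
        if (db_query($sql) && db_affected_rows()) {
            return true;
        }
        $errors['err'] = sprintf(__('Unable to update %s.'), __('this agent'))
            . ' ' . __('Internal error occurred');
    } else {
        $sql = 'INSERT INTO ' . STAFF_TABLE . ' ' . $sql . ', created=NOW()';
        if (db_query($sql) && ($uid = db_insert_id())) {
            return $uid;
        }
        $errors['err'] = sprintf(__('Unable to create %s.'), __('this agent'))
            . ' ' . __('Internal error occurred');
    }

    return false;
}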
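/**
 * Validate and persist a staff record (earlier revision of save()).
 *
 * Compared with the translated variant, this revision uses untranslated
 * messages, calls Validator::is_email(), and carries no guard against
 * locking out the last active administrator. Otherwise it runs the same
 * field checks and then INSERTs (when $id is falsy) or UPDATEs (when $id
 * is set) the STAFF_TABLE row, passing every value through db_input().
 *
 * @param int|string|null $id     staff_id to update, or falsy to create a new row
 * @param array           $vars   submitted fields (by value; defaults are applied locally)
 * @param array           $errors filled with field => message on failure (by reference)
 * @return bool|int true on a successful update, the new staff_id on a
 *                  successful insert, false when validation or the query fails
 */
function save($id, $vars, &$errors) {
    // Default optional fields to '' so the checks below do not raise
    // undefined-index notices; '' is falsy, so the truthiness tests are
    // unchanged. isadmin/isactive are left as submitted because they reach
    // db_input() without validation.
    $optional = array('id', 'username', 'firstname', 'lastname', 'email',
        'phone', 'phone_ext', 'mobile', 'passwd1', 'passwd2', 'backend',
        'welcome_email', 'signature', 'notes', 'dept_id', 'group_id',
        'timezone_id');
    foreach ($optional as $key) {
        if (!isset($vars[$key])) {
            $vars[$key] = '';
        }
    }

    $vars['username']  = Format::striptags($vars['username']);
    $vars['firstname'] = Format::striptags($vars['firstname']);
    $vars['lastname']  = Format::striptags($vars['lastname']);

    // The id carried in the form must match the row we were asked to update.
    if ($id && $id != $vars['id']) {
        $errors['err'] = 'Internal Error';
    }

    if (!$vars['firstname']) {
        $errors['firstname'] = 'First name required';
    }
    if (!$vars['lastname']) {
        $errors['lastname'] = 'Last name required';
    }

    // Validator::is_username() may leave a specific reason in $error.
    $error = '';
    if (!$vars['username'] || !Validator::is_username($vars['username'], $error)) {
        $errors['username'] = $error ? $error : 'Username required';
    } elseif (($uid = Staff::getIdByUsername($vars['username'])) && $uid != $id) {
        // NOTE(review): this message is masked in the copy under review; the
        // original wording is not recoverable from here.
        $errors['username'] = '******';
    }

    // The address must be well-formed, must not be a system mailbox, and
    // must not already belong to a different staff member.
    if (!$vars['email'] || !Validator::is_email($vars['email'])) {
        $errors['email'] = 'Valid email required';
    } elseif (Email::getIdByEmail($vars['email'])) {
        $errors['email'] = 'Already in-use system email';
    } elseif (($uid = Staff::getIdByEmail($vars['email'])) && $uid != $id) {
        $errors['email'] = 'Email already in use by another staff member';
    }

    if ($vars['phone'] && !Validator::is_phone($vars['phone'])) {
        $errors['phone'] = 'Valid number required';
    }
    if ($vars['mobile'] && !Validator::is_phone($vars['mobile'])) {
        $errors['mobile'] = 'Valid number required';
    }

    // Password rules apply when either password field was filled in or when
    // a new record is being created. A non-local auth backend or a welcome
    // email makes the password optional.
    if ($vars['passwd1'] || $vars['passwd2'] || !$id) {
        if ($vars['passwd1'] && strcmp($vars['passwd1'], $vars['passwd2'])) {
            $errors['passwd2'] = 'Password(s) do not match';
        } elseif ($vars['backend'] != 'local' || $vars['welcome_email']) {
            // Password can be omitted
        } elseif (!$vars['passwd1'] && !$id) {
            $errors['passwd1'] = 'Temp. password required';
            $errors['temppasswd'] = 'Required';
        } elseif ($vars['passwd1'] && strlen($vars['passwd1']) < 6) {
            // Byte length, not character count; only a lower bound is enforced.
            $errors['passwd1'] = 'Must be at least 6 characters';
        }
    }

    if (!$vars['dept_id']) {
        $errors['dept_id'] = 'Department required';
    }
    if (!$vars['group_id']) {
        $errors['group_id'] = 'Group required';
    }
    if (!$vars['timezone_id']) {
        $errors['timezone_id'] = 'Time zone required';
    }

    if ($errors) {
        return false;
    }

    // Checkbox-style flags are stored as 1 when the key is present at all,
    // regardless of its value.
    $sql = 'SET updated=NOW() '
         . ' ,isadmin=' . db_input($vars['isadmin'])
         . ' ,isactive=' . db_input($vars['isactive'])
         . ' ,isvisible=' . db_input(isset($vars['isvisible']) ? 1 : 0)
         . ' ,onvacation=' . db_input(isset($vars['onvacation']) ? 1 : 0)
         . ' ,assigned_only=' . db_input(isset($vars['assigned_only']) ? 1 : 0)
         . ' ,dept_id=' . db_input($vars['dept_id'])
         . ' ,group_id=' . db_input($vars['group_id'])
         . ' ,timezone_id=' . db_input($vars['timezone_id'])
         . ' ,daylight_saving=' . db_input(isset($vars['daylight_saving']) ? 1 : 0)
         // NOTE(review): this fragment was corrupted in the copy under review;
         // reconstructed to follow the same db_input() pattern as its neighbours.
         . ' ,username=' . db_input($vars['username'])
         . ' ,firstname=' . db_input($vars['firstname'])
         . ' ,lastname=' . db_input($vars['lastname'])
         . ' ,email=' . db_input($vars['email'])
         . ' ,backend=' . db_input($vars['backend'])
         . ' ,phone="' . db_input(Format::phone($vars['phone']), false) . '"'
         . ' ,phone_ext=' . db_input($vars['phone_ext'])
         . ' ,mobile="' . db_input(Format::phone($vars['mobile']), false) . '"'
         . ' ,signature=' . db_input(Format::sanitize($vars['signature']))
         . ' ,notes=' . db_input(Format::sanitize($vars['notes']));

    // Only a freshly supplied password is (re)hashed and written. The
    // change_passwd flag is set alongside a new password when requested,
    // and cleared when no password is given and the flag is absent.
    if ($vars['passwd1']) {
        $sql .= ' ,passwd=' . db_input(Passwd::hash($vars['passwd1']));
        if (isset($vars['change_passwd'])) {
            $sql .= ' ,change_passwd=1';
        }
    } elseif (!isset($vars['change_passwd'])) {
        $sql .= ' ,change_passwd=0';
    }

    if ($id) {
        $sql = 'UPDATE ' . STAFF_TABLE . ' ' . $sql . ' WHERE staff_id=' . db_input($id);
        // db_affected_rows() must be non-zero for success; updated=NOW() is
        // always written, so an otherwise identical row still counts.
        if (db_query($sql) && db_affected_rows()) {
            return true;
        }
        $errors['err'] = 'Unable to update the user. Internal error occurred';
    } else {
        $sql = 'INSERT INTO ' . STAFF_TABLE . ' ' . $sql . ', created=NOW()';
        if (db_query($sql) && ($uid = db_insert_id())) {
            return $uid;
        }
        $errors['err'] = 'Unable to create user. Internal error';
    }

    return false;
}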