コード例 #1
ファイル: class.client.php プロジェクト: gizur/osticket
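 /**
  * Validate and apply a client's profile update: optional password change,
  * time zone, language and authentication backend.
  *
  * A password change is attempted when any password field is filled in or
  * when the session carries a password-reset token. With a reset token the
  * current password is not requested; without one, an account that already
  * has a password must supply it.
  *
  * @param array $vars   Submitted values (passwd1, passwd2, cpasswd,
  *                      timezone_id, dst, lang, backend, username).
  * @param array $errors Passed by reference; receives one message per
  *                      failing field.
  * @return mixed false when validation failed, otherwise whatever
  *               $this->save() returns.
  */
 function update($vars, &$errors)
 {
     global $cfg;
     // The key only exists when a reset flow stored a token in the session
     $rtoken = isset($_SESSION['_client']['reset-token'])
         ? $_SESSION['_client']['reset-token']
         : null;
     if ($vars['passwd1'] || $vars['passwd2'] || $vars['cpasswd'] || $rtoken) {
         if (!$vars['passwd1']) {
             $errors['passwd1'] = __('New password is required');
         } elseif ($vars['passwd1'] && strlen($vars['passwd1']) < 6) {
             // strlen() counts bytes; the only strength rule here is length >= 6
             $errors['passwd1'] = __('Password must be at least 6 characters');
         } elseif ($vars['passwd1'] && strcmp($vars['passwd1'], $vars['passwd2'])) {
             $errors['passwd2'] = __('Passwords do not match');
         }
         if ($rtoken) {
             // Reset flow: the token must map to this user and still be fresh
             $_config = new Config('pwreset');
             if ($_config->get($rtoken) != $this->getUserId()) {
                 $errors['err'] = __('Invalid reset token. Logout and try again');
             } elseif (!($ts = $_config->lastModified($rtoken))
                 || $cfg->getPwResetWindow() < time() - strtotime($ts)
             ) {
                 // Reject a token that has no timestamp OR is older than the
                 // reset window. The previous "&&" skipped the age test
                 // whenever a timestamp existed, so the window was never
                 // enforced here.
                 // NOTE(review): assumes strtotime($ts) and time() share a
                 // timezone and the window is in seconds; confirm.
                 $errors['err'] = __('Invalid reset token. Logout and try again');
             }
         } elseif ($this->get('passwd')) {
             // Normal flow: re-authenticate with the current password
             if (!$vars['cpasswd']) {
                 $errors['cpasswd'] = __('Current password is required');
             } elseif (!$this->hasCurrentPassword($vars['cpasswd'])) {
                 $errors['cpasswd'] = __('Invalid current password!');
             } elseif (!strcasecmp($vars['passwd1'], $vars['cpasswd'])) {
                 // Case-insensitive: a new password that differs from the
                 // current one only by letter case is refused as well
                 $errors['passwd1'] = __('New password MUST be different from the current password!');
             }
         }
     }
     if (!$vars['timezone_id']) {
         $errors['timezone_id'] = __('Time zone selection is required');
     }
     if ($errors) {
         return false;
     }
     $this->set('timezone_id', $vars['timezone_id']);
     $this->set('dst', isset($vars['dst']) ? 1 : 0);
     // Change language. NOTE(review): the value is stored as submitted; no
     // check against the installed languages is visible in this method.
     $this->set('lang', $vars['lang'] ?: null);
     $_SESSION['client:lang'] = null;
     TextDomain::configureForUser($this);
     // NOTE(review): backend and username are taken from $vars unchecked
     // here; presumably the caller restricts who may submit them. Confirm.
     if ($vars['backend']) {
         $this->set('backend', $vars['backend']);
         if ($vars['username']) {
             $this->set('username', $vars['username']);
         }
     }
     if ($vars['passwd1']) {
         $this->set('passwd', Passwd::hash($vars['passwd1']));
         // Subscribers of auth.pwchange receive the plaintext password;
         // they must never log or persist it.
         $info = array('password' => $vars['passwd1']);
         Signal::send('auth.pwchange', $this->getUser(), $info);
         // A successful change invalidates outstanding reset tokens
         $this->cancelResetTokens();
         $this->clearStatus(UserAccountStatus::REQUIRE_PASSWD_RESET);
     }
     return $this->save();
 }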
コード例 #2
ファイル: client.inc.php プロジェクト: tirix/osTicket-1.8
require_once INCLUDE_DIR . 'class.ticket.php';
require_once INCLUDE_DIR . 'class.dept.php';
// Reset per-request state
$errors = array();
$msg = '';
$nav = null;
// Resolve the signed-in client (if any) before doing anything else.
$thisclient = UserAuthenticationBackend::getUser();
// A ?lang= override is written to the session only when
// Internationalization::getLanguageInfo() recognises the value.
if (!empty($_GET['lang']) && Internationalization::getLanguageInfo($_GET['lang'])) {
    $_SESSION['client:lang'] = $_GET['lang'];
}
// Bootstrap gettext translations as early as possible, but after attempting
// to sign on the client
TextDomain::configureForUser($thisclient);
// Keep the client object only when it has an id and is still valid;
// otherwise the request continues as anonymous.
if (!$thisclient || !$thisclient->getId() || !$thisclient->isValid()) {
    $thisclient = null;
} else {
    $thisclient->refreshSession();
}
/******* CSRF Protection *************/
// Every request with a non-empty $_POST must carry a valid CSRF token.
// Requests without POST data are not checked here, so state-changing
// actions must not be reachable through GET alone.
if ($_POST && !$ost->checkCSRFToken()) {
    Http::redirect('index.php');
    // Fallback in case the redirect does not end the request
    die('Action denied (400)!');
}
// Add token to the header - used on ajax calls [DO NOT CHANGE THE NAME]
$ost->addExtraHeader(sprintf('<meta name="csrf_token" content="%s" />', $ost->getCSRFToken()));
コード例 #3
*/
if (!function_exists('staffLoginPage')) {
    // The ajax interface may declare its own staffLoginPage() beforehand to
    // trap expired sessions, hence the function_exists() guard.
    /**
     * Record where the agent was headed and why a login is needed, render
     * the staff login page, and end the request.
     *
     * @param string $msg Message stored in the session for the login page.
     */
    function staffLoginPage($msg)
    {
        // login.php is required inside this function's scope; presumably it
        // relies on these globals, which is why they are imported here.
        global $ost, $cfg;
        // Collapse any leading slashes to exactly one so the stored
        // destination is always a site-relative path.
        $requestedPath = ltrim($_SERVER['REQUEST_URI'], '/');
        $_SESSION['_staff']['auth']['dest'] = '/' . $requestedPath;
        $_SESSION['_staff']['auth']['msg'] = $msg;
        require SCP_DIR . 'login.php';
        exit;
    }
}
// Resolve the agent for this request; the result may be empty or invalid.
$thisstaff = StaffAuthenticationBackend::getUser();
// Bootstrap gettext translations as early as possible, but after attempting
// to sign on the agent
TextDomain::configureForUser($thisstaff);
// 1) Only a real, valid staff session may continue; everything else is
//    sent to the login page.
if (!($thisstaff && $thisstaff->getId() && $thisstaff->isValid())) {
    if (!isset($_SESSION['_staff']['auth']['msg'])) {
        // No queued message: distinguish an expired session from a
        // request that was never signed in.
        $msg = ($thisstaff && !$thisstaff->isValid())
            ? __('Session timed out due to inactivity')
            : __('Ingresar usuario y contraseña');
    } else {
        // Show a queued message once, then drop it from the session
        $msg = $_SESSION['_staff']['auth']['msg'];
        unset($_SESSION['_staff']['auth']['msg']);
    }
    staffLoginPage($msg);
    exit;
}
//2) if not super admin..check system status and group status
if (!$thisstaff->isAdmin()) {
コード例 #4
ファイル: login.php プロジェクト: gizur/osticket
    Peter Rotich <*****@*****.**>
    Copyright (c)  2006-2013 osTicket
    http://www.osticket.com

    Released under the GNU General Public License WITHOUT ANY WARRANTY.
    See LICENSE.TXT for details.

    vim: expandtab sw=4 ts=4 sts=4:
**********************************************************************/
require_once '../main.inc.php';
// Stop if the bootstrap did not define INCLUDE_DIR.
if (!defined('INCLUDE_DIR')) {
    die('Fatal Error. Kwaheri!');
}
// Bootstrap gettext translations. Since no one is yet logged in, use the
// system or browser default
TextDomain::configureForUser();
require_once INCLUDE_DIR . 'class.staff.php';
require_once INCLUDE_DIR . 'class.csrf.php';
$content = Page::lookup(Page::getIdByType('banner-staff'));
$dest = $_SESSION['_staff']['auth']['dest'];
$msg = $_SESSION['_staff']['auth']['msg'];
// Message precedence: queued session message, then the banner page name,
// then a generic prompt.
if (!$msg) {
    $msg = $content ? $content->getName() : __('Authentication Required');
}
// Post-login destination comes from the session. Fall back to index.php
// when it is empty or points back at the login or ajax endpoints.
if (!$dest || strpos($dest, 'login.php') !== false || strpos($dest, 'ajax.php') !== false) {
    $dest = 'index.php';
}
$show_reset = false;
if ($_POST) {
    // Check the CSRF token, and ensure that future requests will have to
    // use a different CSRF token. This will help ward off both parallel and
    // serial brute force attacks, because new tokens will have to be
    // requested for each attempt.
    if (!$ost->checkCSRFToken()) {
        Http::response(400, __('Valid CSRF Token Required'));
コード例 #5
ファイル: class.plugin.php プロジェクト: KingsleyGU/osticket
 /**
  * Function: translate
  *
  * Convenience function to setup translation functions for other
  * domains. This is of greatest benefit for plugins. This will return
  * two functions to perform the translations. The first will translate a
  * single string, the second will translate a plural string.
  *
  * Parameters:
  * $domain - (string) text domain. The location of the MO.php file
  *      will be (path)/LC_MESSAGES/(locale)/(domain).mo.php. The (path)
  *      can be set via the $options parameter
  * $options - (array<string:mixed>) Extra options for the setup
  *      "path" - (string) path to the folder containing the LC_MESSAGES
  *          folder. The (locale) setting is set externally respective to
  *          the user. If this is not set, the directory of the caller is
  *          assumed, plus '/i18n'.  This is geared for plugins to be
  *          built with i18n content inside the '/i18n/' folder.
  *
  * Returns:
  * Translation utility functions which mimic the __() and _N()
  * functions. Note that two functions are returned. Capture them with a
  * PHP list() construct.
  *
  * Caveats:
  * When designing plugins which might be installed in versions of
  * osTicket which don't provide this function, use this compatibility
  * interface:
  *
  * // Provide compatibility function for versions of osTicket prior to
  * // translation support (v1.9.4)
  * function translate($domain) {
  *     if (!method_exists('Plugin', 'translate')) {
  *         return array(
  *             function($x) { return $x; },
  *             function($x, $y, $n) { return $n != 1 ? $y : $x; },
  *         );
  *     }
  *     return Plugin::translate($domain);
  * }
  */
 static function translate($domain, $options = array())
 {
     // Use the caller-supplied base path when one is given. The "@" keeps
     // a missing 'path' key from raising a notice.
     // NOTE(review): per the docblock a .mo.php file under this path is
     // loaded, so the path and $domain should come from plugin code, never
     // from request data.
     $path = @$options['path'];
     if (!$path) {
         // Default to the i18n/ folder beside the file that called us
         $trace = debug_backtrace(false);
         $path = dirname($trace[0]['file']) . '/i18n';
     }
     // Normalise to exactly one trailing slash
     $path = rtrim($path, '/') . '/';
     $textDomain = TextDomain::lookup($domain);
     $textDomain->setPath($path);
     $catalog = $textDomain->getTranslation();
     // First callable translates a single string
     $translateOne = function ($msgid) use ($catalog) {
         return $catalog->translate($msgid);
     };
     // Second callable picks a singular/plural translation for count $n
     $translateMany = function ($singular, $plural, $n) use ($catalog) {
         return $catalog->ngettext($singular, $plural, $n);
     };
     return array($translateOne, $translateMany);
 }
コード例 #6
ファイル: class.staff.php プロジェクト: KingsleyGU/osticket
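 /**
  * Validate and store an agent's own profile: name, contact details,
  * preferences, and optionally a new password.
  *
  * A password change needs either a valid password-reset token in the
  * session or the agent's current password.
  *
  * @param array $vars   Submitted profile values.
  * @param array $errors Passed by reference; receives one message per
  *                      failing field.
  * @return mixed false when validation failed, otherwise the result of
  *               db_query().
  */
 function updateProfile($vars, &$errors)
 {
     global $cfg;
     $vars['firstname'] = Format::striptags($vars['firstname']);
     $vars['lastname'] = Format::striptags($vars['lastname']);
     // The submitted id must be this agent's own id
     if ($this->getId() != $vars['id']) {
         $errors['err'] = __('Internal error occurred');
     }
     if (!$vars['firstname']) {
         $errors['firstname'] = __('First name is required');
     }
     if (!$vars['lastname']) {
         $errors['lastname'] = __('Last name is required');
     }
     if (!$vars['email'] || !Validator::is_valid_email($vars['email'])) {
         $errors['email'] = __('Valid email is required');
     } elseif (Email::getIdByEmail($vars['email'])) {
         $errors['email'] = __('Already in-use as system email');
     } elseif (($uid = Staff::getIdByEmail($vars['email'])) && $uid != $this->getId()) {
         $errors['email'] = __('Email already in-use by another agent');
     }
     if ($vars['phone'] && !Validator::is_phone($vars['phone'])) {
         $errors['phone'] = __('Valid phone number is required');
     }
     if ($vars['mobile'] && !Validator::is_phone($vars['mobile'])) {
         $errors['mobile'] = __('Valid phone number is required');
     }
     if ($vars['passwd1'] || $vars['passwd2'] || $vars['cpasswd']) {
         if (!$vars['passwd1']) {
             $errors['passwd1'] = __('New password is required');
         } elseif ($vars['passwd1'] && strlen($vars['passwd1']) < 6) {
             // strlen() counts bytes; the only strength rule here is length >= 6
             $errors['passwd1'] = __('Password must be at least 6 characters');
         } elseif ($vars['passwd1'] && strcmp($vars['passwd1'], $vars['passwd2'])) {
             $errors['passwd2'] = __('Passwords do not match');
         }
         if ($rtoken = $_SESSION['_staff']['reset-token']) {
             // Reset flow: the token must map to this agent and still be fresh
             $_config = new Config('pwreset');
             if ($_config->get($rtoken) != $this->getId()) {
                 $errors['err'] = __('Invalid reset token. Logout and try again');
             } elseif (!($ts = $_config->lastModified($rtoken))
                 || $cfg->getPwResetWindow() < time() - strtotime($ts)
             ) {
                 // Reject a token that has no timestamp OR is older than the
                 // reset window. The previous "&&" skipped the age test
                 // whenever a timestamp existed, so the window was never
                 // enforced here.
                 // NOTE(review): assumes strtotime($ts) and time() share a
                 // timezone and the window is in seconds; confirm.
                 $errors['err'] = __('Invalid reset token. Logout and try again');
             }
         } elseif (!$vars['cpasswd']) {
             $errors['cpasswd'] = __('Current password is required');
         } elseif (!$this->cmp_passwd($vars['cpasswd'])) {
             $errors['cpasswd'] = __('Invalid current password!');
         } elseif (!strcasecmp($vars['passwd1'], $vars['cpasswd'])) {
             // Case-insensitive: a new password that differs from the
             // current one only by letter case is refused as well
             $errors['passwd1'] = __('New password MUST be different from the current password!');
         }
     }
     if (!$vars['timezone_id']) {
         $errors['timezone_id'] = __('Time zone selection is required');
     }
     if ($vars['default_signature_type'] == 'mine' && !$vars['signature']) {
         $errors['default_signature_type'] = __("You don't have a signature");
     }
     if ($errors) {
         return false;
     }
     // NOTE(review): lang is stored as submitted; no check against the
     // installed languages is visible in this method.
     $this->config->set('lang', $vars['lang']);
     $_SESSION['staff:lang'] = null;
     TextDomain::configureForUser($this);
     // Every value goes through db_input() before it is concatenated.
     // phone and mobile call db_input(..., false) and are wrapped in double
     // quotes by hand.
     // NOTE(review): presumably db_input() escapes (and, by default, quotes)
     // its argument; confirm.
     $sql = 'UPDATE ' . STAFF_TABLE . ' SET updated=NOW() '
         . ' ,firstname=' . db_input($vars['firstname'])
         . ' ,lastname=' . db_input($vars['lastname'])
         . ' ,email=' . db_input($vars['email'])
         . ' ,phone="' . db_input(Format::phone($vars['phone']), false) . '"'
         . ' ,phone_ext=' . db_input($vars['phone_ext'])
         . ' ,mobile="' . db_input(Format::phone($vars['mobile']), false) . '"'
         . ' ,signature=' . db_input(Format::sanitize($vars['signature']))
         . ' ,timezone_id=' . db_input($vars['timezone_id'])
         . ' ,daylight_saving=' . db_input(isset($vars['daylight_saving']) ? 1 : 0)
         . ' ,show_assigned_tickets=' . db_input(isset($vars['show_assigned_tickets']) ? 1 : 0)
         . ' ,max_page_size=' . db_input($vars['max_page_size'])
         . ' ,auto_refresh_rate=' . db_input($vars['auto_refresh_rate'])
         . ' ,default_signature_type=' . db_input($vars['default_signature_type'])
         . ' ,default_paper_size=' . db_input($vars['default_paper_size']);
     if ($vars['passwd1']) {
         $sql .= ' ,change_passwd=0, passwdreset=NOW(), passwd=' . db_input(Passwd::hash($vars['passwd1']));
         // Subscribers of auth.pwchange receive the plaintext password;
         // they must never log or persist it.
         $info = array('password' => $vars['passwd1']);
         Signal::send('auth.pwchange', $this, $info);
         // A password change invalidates outstanding reset tokens
         $this->cancelResetTokens();
     }
     $sql .= ' WHERE staff_id=' . db_input($this->getId());
     return db_query($sql);
 }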
コード例 #7
ファイル: class.i18n.php プロジェクト: KingsleyGU/osticket
 /**
  * Plural-aware translation of a message for an explicitly given locale.
  */
 function _NL($msgid, $plural, $n, $locale)
 {
     $translation = TextDomain::lookup()->getTranslation($locale);
     // A non-numeric count falls back to 1
     $count = is_numeric($n) ? $n : 1;
     return $translation->ngettext($msgid, $plural, $count);
 }
コード例 #8
ファイル: Translation.php プロジェクト: iHunt101/phlite
/**
 * Context-aware plural lookup in the given text domain; $category is passed
 * on to getTranslation().
 */
function _dcnpgettext($domain, $context, $singular, $plural, $category, $n)
{
    $translation = TextDomain::lookup($domain)->getTranslation($category);
    return $translation->npgettext($context, $singular, $plural, $n);
}
コード例 #9
 /**
  * Set the current locale, or return it when $locale is the integer 0.
  *
  * Uses the native setlocale() when it exists and falls back to
  * self::get_default_locale() when it does not, or when the native call
  * did not produce the requested locale.
  *
  * @return mixed The locale now stored in self::$current_locale.
  */
 static function setLocale($category, $locale)
 {
     // Strict comparison: only the integer 0 is a query, the string "0" is not
     if ($locale === 0) {
         if (self::$current_locale == '') {
             // Nothing set yet: obey the environment (LANG; could be
             // extended to all LC_* vars) by setting it first
             return self::setLocale($category, self::$current_locale);
         }
         return self::$current_locale;
     }
     if (!function_exists('setlocale')) {
         // No function setlocale(), emulate it all.
         self::$current_locale = self::get_default_locale($locale);
         return self::$current_locale;
     }
     $applied = setlocale($category, $locale);
     // Failure means either: nothing came back for an environment-driven
     // ('') request, or an explicit request returned a different locale.
     $envRequestFailed = ($locale == '' && !$applied);
     $explicitRequestFailed = ($locale != '' && $applied != $locale);
     if ($envRequestFailed || $explicitRequestFailed) {
         self::$current_locale = self::get_default_locale($locale);
     } else {
         self::$current_locale = $applied;
     }
     return self::$current_locale;
 }