$errors[] = no_field("form.field.password");
}
if ($password != $passwordConfirm) {
$errors[] = getlocal("my_settings.error.password_match");
}
$existing_operator = operator_by_login($login);
if (!$opId && $existing_operator || $opId && $existing_operator && $opId != $existing_operator['operatorid']) {
$errors[] = getlocal("page_agent.error.duplicate_login");
}
$canmodify = $opId == $operator['operatorid'] && is_capable($can_modifyprofile, $operator) || is_capable($can_administrate, $operator);
if (!$canmodify) {
$errors[] = getlocal('page_agent.cannot_modify');
}
if (count($errors) == 0) {
if (!$opId) {
$newop = create_operator($login, $email, $password, $localname, $commonname, "");
header("Location: {$webimroot}/operator/avatar.php?op=" . $newop['operatorid']);
exit;
} else {
update_operator($opId, $login, $email, $password, $localname, $commonname);
header("Location: {$webimroot}/operator/operator.php?op={$opId}&stored");
exit;
}
} else {
$page['formlogin'] = topage($login);
$page['formname'] = topage($localname);
$page['formemail'] = topage($email);
$page['formcommonname'] = topage($commonname);
$page['opid'] = topage($opId);
}
} else {
$errors[] = no_field("form.field.password");
}
if ($password != $passwordConfirm) {
$errors[] = getlocal("my_settings.error.password_match");
}
$existing_operator = operator_by_login($login);
if (!$opId && $existing_operator || $opId && $existing_operator && $opId != $existing_operator['operatorid']) {
$errors[] = getlocal("page_agent.error.duplicate_login");
}
$canmodify = $opId == $operator['operatorid'] && is_capable($can_modifyprofile, $operator) || is_capable($can_administrate, $operator);
if (!$canmodify) {
$errors[] = getlocal('page_agent.cannot_modify');
}
if (count($errors) == 0) {
if (!$opId) {
$newop = create_operator($login, $email, $jabber, $password, $localname, $commonname, $jabbernotify ? 1 : 0, "");
header("Location: {$webimroot}/operator/avatar.php?op=" . $newop['operatorid']);
exit;
} else {
update_operator($opId, $login, $email, $jabber, $password, $localname, $commonname, $jabbernotify ? 1 : 0);
// update the session password
if (!empty($password) && $opId == $operator['operatorid']) {
$toDashboard = $operator['vcpassword'] == md5('') && $password != '';
$_SESSION["{$mysqlprefix}operator"]['vcpassword'] = md5($password);
if ($toDashboard) {
header("Location: {$webimroot}/operator/index.php");
exit;
}
}
header("Location: {$webimroot}/operator/operator.php?op={$opId}&stored");
exit;
/**
* Processes submitting of the form which is generated in
* {@link \Mibew\Controller\OperatorController::showEditFormAction()} method.
*
* @param Request $request Incoming request.
* @return string Rendered page content.
*/
public function submitFormAction(Request $request)
{
csrf_check_token($request);
$errors = array();
$operator = $this->getOperator();
$op_id = $request->attributes->getInt('operator_id');
$login = $request->request->get('login');
$email = $request->request->get('email');
$password = $request->request->get('password');
$password_confirm = $request->request->get('passwordConfirm');
$local_name = $request->request->get('name');
$common_name = $request->request->get('commonname');
$code = $request->request->get('code');
if (!$local_name) {
$errors[] = no_field('Name');
}
if (!$common_name) {
$errors[] = no_field('International name (Latin)');
}
// The login is needed only for new operators. If login is changed for
// existing operator the stored password hash becomes invalid.
if (!$op_id) {
if (!$login) {
$errors[] = no_field('Login');
} elseif (!preg_match("/^[\\w_\\.]+\$/", $login)) {
$errors[] = getlocal('Login should contain only latin characters, numbers and underscore symbol.');
}
}
if (!$email || !MailUtils::isValidAddress($email)) {
$errors[] = wrong_field('E-mail');
}
if ($code && !preg_match("/^[A-Za-z0-9_]+\$/", $code)) {
$errors[] = getlocal('Code should contain only latin characters, numbers and underscore symbol.');
}
if (!$op_id && !$password) {
$errors[] = no_field('Password');
}
if ($password != $password_confirm) {
$errors[] = getlocal('Entered passwords do not match');
}
$existing_operator = operator_by_login($login);
$duplicate_login = !$op_id && $existing_operator || $op_id && $existing_operator && $op_id != $existing_operator['operatorid'];
if ($duplicate_login) {
$errors[] = getlocal('Please choose another login because an operator with that login is already registered in the system.');
}
// Check if operator with specified email already exists in the database.
$existing_operator = operator_by_email($email);
$duplicate_email = !$op_id && $existing_operator || $op_id && $existing_operator && $op_id != $existing_operator['operatorid'];
if ($duplicate_email) {
$errors[] = getlocal('Please choose another email because an operator with that email is already registered in the system.');
}
if (count($errors) != 0) {
$request->attributes->set('errors', $errors);
// The form should be rebuild. Invoke appropriate action.
return $this->showFormAction($request);
}
if (!$op_id) {
// Create new operator and redirect the current operator to avatar
// page.
$new_operator = create_operator($login, $email, $password, $local_name, $common_name, '', $code);
$redirect_to = $this->generateUrl('operator_avatar', array('operator_id' => $new_operator['operatorid']));
return $this->redirect($redirect_to);
}
// Mix old operator's fields with updated values
$target_operator = array('vcemail' => $email, 'vclocalename' => $local_name, 'vccommonname' => $common_name, 'code' => $code) + operator_by_id($op_id);
// Set the password only if it's not an empty string.
if ($password !== '') {
$target_operator['vcpassword'] = calculate_password_hash($target_operator['vclogin'], $password);
}
// Update operator's fields in the database.
update_operator($target_operator);
// Operator's data are cached in the authentication manager, thus we need
// to manually update them.
if ($target_operator['operatorid'] == $operator['operatorid']) {
// Check if the admin has set his password for the first time.
$to_dashboard = check_password_hash($operator['vclogin'], '', $operator['vcpassword']) && $password != '';
// Update operator's fields.
$this->getAuthenticationManager()->setOperator($target_operator);
// Redirect the admin to the home page if needed.
if ($to_dashboard) {
return $this->redirect($this->generateUrl('home_operator'));
}
}
// Redirect the operator to edit page again to use GET method instead of
// POST.
$redirect_to = $this->generateUrl('operator_edit', array('operator_id' => $op_id, 'stored' => true));
return $this->redirect($redirect_to);
}
