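/**
 * Save an edited staff account (manage_users.php?a=edit&id=N, POST).
 *
 * Flow: CSRF token check -> refuse self-edit (profile.php handles that) ->
 * validate the form via hesk_validateUserInfo() -> permission and duplicate
 * username checks -> write the `users` row -> clean up ticket ownership and
 * category manager rights that the new settings no longer allow.
 *
 * hesk_error() and hesk_process_messages() redirect and stop the script, so
 * every statement after one of them only runs when that check passed.
 *
 * Globals: $hesk_settings (db_pfix), $hesklang (message texts).
 * Session: sets save_userdata while validating (presumably so the validator
 *          keeps the posted data on error - see hesk_validateUserInfo),
 *          clears save_userdata and userdata on success.
 *
 * @return void  Ends in a redirect back to the edit page.
 */
function update_user()
{
    global $hesk_settings, $hesklang;

    /* A security check */
    hesk_token_check('POST');

    $_SESSION['save_userdata'] = TRUE;

    /* "or" binds after "=": $targetId receives the int, a zero/invalid id aborts */
    $targetId = intval(hesk_POST('userid')) or hesk_error("{$hesklang['int_error']}: {$hesklang['no_valid_id']}");

    /* Editing your own account must go through the "Profile" page */
    if ($targetId == $_SESSION['id']) {
        hesk_process_messages($hesklang['eyou'], 'profile.php', 'NOTICE');
    }

    $_SERVER['PHP_SELF'] = './manage_users.php?a=edit&id=' . $targetId;

    $myuser = hesk_validateUserInfo(0, $_SERVER['PHP_SELF']);
    $myuser['id'] = $targetId;

    $pfix = hesk_dbEscape($hesk_settings['db_pfix']);
    $idSql = intval($myuser['id']);

    /* Only active users can be assigned tickets. Also turn off all notifications */
    if (!$myuser['active']) {
        $offFlags = array(
            'autoassign',
            'notify_new_unassigned',
            'notify_new_my',
            'notify_reply_unassigned',
            'notify_reply_my',
            'notify_assigned',
            'notify_pm',
            'notify_note',
            'notify_note_unassigned',
        );
        foreach ($offFlags as $flag) {
            $myuser[$flag] = 0;
        }
    }

    /* Do we have permission to edit this user?
       The target row is looked up by id, not by the submitted username, so the
       check also runs when the form renames the account (a lookup by the new
       username finds no row and would skip the check). $target keeps the row
       as it was before this update for the manager clean-up below. */
    $target = null;
    $res = hesk_dbQuery("SELECT `id`,`isadmin`,`categories`,`heskprivileges` FROM `{$pfix}users` WHERE `id`='{$idSql}' LIMIT 1");
    if (hesk_dbNumRows($res) == 1) {
        $target = hesk_dbFetchAssoc($res);
        if (!compare_user_permissions($target['id'], $target['isadmin'], explode(',', $target['categories']), explode(',', $target['heskprivileges']))) {
            hesk_process_messages($hesklang['npea'], 'manage_users.php');
        }
    }

    /* Check for duplicate usernames: any other account with the same login */
    $res = hesk_dbQuery("SELECT `id` FROM `{$pfix}users` WHERE `user` = '" . hesk_dbEscape($myuser['user']) . "' AND `id` != '{$idSql}' LIMIT 1");
    if (hesk_dbNumRows($res) > 0) {
        hesk_process_messages($hesklang['duplicate_user'], $_SERVER['PHP_SELF']);
    }

    if ($myuser['isadmin']) {
        /* Admins will have access to all features and categories */
        $myuser['categories'] = '';
        $myuser['features'] = '';

        // Admins can't be managers
        hesk_dbQuery("UPDATE `{$pfix}categories` SET `manager` = 0 WHERE `manager` = {$idSql}");
    } else {
        /* Categories and Features will be stored as a string. Category ids are
           cast to int because the list is embedded unquoted in SQL below. */
        $newCategoryIds = array_map('intval', $myuser['categories']);
        $myuser['categories'] = implode(',', $newCategoryIds);
        $myuser['features'] = implode(',', $myuser['features']);

        /* Unassign tickets from categories that the user had access to before but doesn't anymore.
           "NOT IN ()" is a SQL syntax error, so with no categories left every owned ticket is
           unassigned instead (NOTE(review): whether the validator allows an empty category set
           is not visible here). */
        $sql = "UPDATE `{$pfix}tickets` SET `owner`=0 WHERE `owner`='{$idSql}'";
        if (count($newCategoryIds) > 0) {
            $sql .= " AND `category` NOT IN (" . implode(',', $newCategoryIds) . ")";
        }
        hesk_dbQuery($sql);

        // Revoke the manager role for categories the user no longer has access to
        // (categories in the old row but not in the new list).
        $oldCategoryIds = $target === null
            ? array()
            : array_map('intval', array_filter(explode(',', $target['categories']), 'strlen'));
        $revokeCats = array_values(array_diff($oldCategoryIds, $newCategoryIds));
        if (count($revokeCats) > 0) {
            hesk_dbQuery("UPDATE `{$pfix}categories` SET `manager` = 0 WHERE `id` IN (" . implode(',', $revokeCats) . ")");
        }
    }

    /* Notification / behaviour flags are embedded without escaping in the original,
       so they are cast to int here regardless of what the validator returned. */
    $sql = "UPDATE `{$pfix}users` SET\n"
        . " `user`='" . hesk_dbEscape($myuser['user']) . "',\n"
        . " `name`='" . hesk_dbEscape($myuser['name']) . "',\n"
        . " `email`='" . hesk_dbEscape($myuser['email']) . "',\n"
        . " `signature`='" . hesk_dbEscape($myuser['signature']) . "',"
        . (isset($myuser['pass']) ? "`pass`='" . hesk_dbEscape($myuser['pass']) . "'," : '')
        . "\n `categories`='" . hesk_dbEscape($myuser['categories']) . "',\n"
        . " `isadmin`='" . intval($myuser['isadmin']) . "',\n"
        . " `active`='" . intval($myuser['active']) . "',\n"
        . " `autoassign`='" . intval($myuser['autoassign']) . "',\n"
        . " `heskprivileges`='" . hesk_dbEscape($myuser['features']) . "',\n"
        . " `afterreply`='" . intval($myuser['afterreply']) . "' ,\n"
        . "\t`autostart`='" . intval($myuser['autostart']) . "' ,\n"
        . "\t`notify_customer_new`='" . intval($myuser['notify_customer_new']) . "' ,\n"
        . "\t`notify_customer_reply`='" . intval($myuser['notify_customer_reply']) . "' ,\n"
        . "\t`show_suggested`='" . intval($myuser['show_suggested']) . "' ,\n"
        . "\t`notify_new_unassigned`='" . intval($myuser['notify_new_unassigned']) . "' ,\n"
        . "\t`notify_new_my`='" . intval($myuser['notify_new_my']) . "' ,\n"
        . "\t`notify_reply_unassigned`='" . intval($myuser['notify_reply_unassigned']) . "' ,\n"
        . "\t`notify_reply_my`='" . intval($myuser['notify_reply_my']) . "' ,\n"
        . "\t`notify_assigned`='" . intval($myuser['notify_assigned']) . "' ,\n"
        . "\t`notify_pm`='" . intval($myuser['notify_pm']) . "',\n"
        . "\t`notify_note`='" . intval($myuser['notify_note']) . "',\n"
        . "\t`notify_note_unassigned`='" . intval($myuser['notify_note_unassigned']) . "',\n"
        . "\t`autorefresh`=" . intval($myuser['autorefresh']) . ",\n"
        . "\t`permission_template`=" . intval($myuser['template']) . "\n"
        . " WHERE `id`='{$idSql}' LIMIT 1";
    hesk_dbQuery($sql);

    // If they are now inactive, remove any manager rights
    if (!$myuser['active']) {
        hesk_dbQuery("UPDATE `{$pfix}categories` SET `manager` = 0 WHERE `manager` = {$idSql}");
    }

    unset($_SESSION['save_userdata']);
    unset($_SESSION['userdata']);

    hesk_process_messages($hesklang['user_profile_updated_success'], $_SERVER['PHP_SELF'], 'SUCCESS');
}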
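/**
 * Save an edited staff account (manage_users.php?a=edit&id=N, POST).
 *
 * Older variant of the same handler: no active flag, no category manager
 * clean-up. Flow: CSRF token check -> refuse self-edit -> validate the form
 * via hesk_validateUserInfo() -> permission and duplicate username checks ->
 * unassign tickets in categories the user lost -> write the `users` row.
 *
 * hesk_error() and hesk_process_messages() redirect and stop the script, so
 * every statement after one of them only runs when that check passed.
 *
 * Globals: $hesk_settings (db_pfix), $hesklang (message texts).
 * Session: sets save_userdata while validating, clears save_userdata and
 *          userdata on success.
 *
 * @return void  Ends in a redirect back to the edit page.
 */
function update_user()
{
    global $hesk_settings, $hesklang;

    /* A security check */
    hesk_token_check('POST');

    $_SESSION['save_userdata'] = TRUE;

    /* "or" binds after "=": $targetId receives the int, a zero/invalid id aborts */
    $targetId = intval(hesk_POST('userid')) or hesk_error("{$hesklang['int_error']}: {$hesklang['no_valid_id']}");

    /* Editing your own account must go through the "Profile" page */
    if ($targetId == $_SESSION['id']) {
        hesk_process_messages($hesklang['eyou'], 'profile.php', 'NOTICE');
    }

    $_SERVER['PHP_SELF'] = './manage_users.php?a=edit&id=' . $targetId;

    $myuser = hesk_validateUserInfo(0, $_SERVER['PHP_SELF']);
    $myuser['id'] = $targetId;

    $pfix = hesk_dbEscape($hesk_settings['db_pfix']);
    $idSql = intval($myuser['id']);

    /* A user who can't view unassigned tickets can't be notified about them either.
       Evaluated while 'features' is still the validated array. */
    $sql_where = in_array('can_view_unassigned', $myuser['features'], true)
        ? ""
        : " , `notify_new_unassigned`='0', `notify_reply_unassigned`='0' ";

    /* Do we have permission to edit this user?
       The target row is looked up by id, not by the submitted username, so the
       check also runs when the form renames the account (a lookup by the new
       username finds no row and would skip the check). */
    $res = hesk_dbQuery("SELECT `id`,`isadmin`,`categories`,`heskprivileges` FROM `{$pfix}users` WHERE `id`='{$idSql}' LIMIT 1");
    if (hesk_dbNumRows($res) == 1) {
        $target = hesk_dbFetchAssoc($res);
        if (!compare_user_permissions($target['id'], $target['isadmin'], explode(',', $target['categories']), explode(',', $target['heskprivileges']))) {
            hesk_process_messages($hesklang['npea'], 'manage_users.php');
        }
    }

    /* Check for duplicate usernames: any other account with the same login */
    $res = hesk_dbQuery("SELECT `id` FROM `{$pfix}users` WHERE `user` = '" . hesk_dbEscape($myuser['user']) . "' AND `id` != '{$idSql}' LIMIT 1");
    if (hesk_dbNumRows($res) > 0) {
        hesk_process_messages($hesklang['duplicate_user'], $_SERVER['PHP_SELF']);
    }

    if ($myuser['isadmin']) {
        /* Admins will have access to all features and categories */
        $myuser['categories'] = '';
        $myuser['features'] = '';
    } else {
        /* Categories and Features will be stored as a string. Category ids are
           cast to int because the list is embedded unquoted in SQL below. */
        $newCategoryIds = array_map('intval', $myuser['categories']);
        $myuser['categories'] = implode(',', $newCategoryIds);
        $myuser['features'] = implode(',', $myuser['features']);

        /* Unassign tickets from categories that the user had access to before but doesn't anymore.
           "NOT IN ()" is a SQL syntax error, so with no categories left every owned ticket is
           unassigned instead (NOTE(review): whether the validator allows an empty category set
           is not visible here). */
        $sql = "UPDATE `{$pfix}tickets` SET `owner`=0 WHERE `owner`='{$idSql}'";
        if (count($newCategoryIds) > 0) {
            $sql .= " AND `category` NOT IN (" . implode(',', $newCategoryIds) . ")";
        }
        hesk_dbQuery($sql);
    }

    $sql = "UPDATE `{$pfix}users` SET\r\n"
        . " `user`='" . hesk_dbEscape($myuser['user']) . "',\r\n"
        . " `name`='" . hesk_dbEscape($myuser['name']) . "',\r\n"
        . " `email`='" . hesk_dbEscape($myuser['email']) . "',\r\n"
        . " `signature`='" . hesk_dbEscape($myuser['signature']) . "',"
        . (isset($myuser['pass']) ? "`pass`='" . hesk_dbEscape($myuser['pass']) . "'," : '')
        . "\r\n `categories`='" . hesk_dbEscape($myuser['categories']) . "',\r\n"
        . " `isadmin`='" . intval($myuser['isadmin']) . "',\r\n"
        . " `autoassign`='" . intval($myuser['autoassign']) . "',\r\n"
        . " `heskprivileges`='" . hesk_dbEscape($myuser['features']) . "'\r\n"
        . " {$sql_where}\r\n"
        . " WHERE `id`='{$idSql}' LIMIT 1";
    hesk_dbQuery($sql);

    unset($_SESSION['save_userdata']);
    unset($_SESSION['userdata']);

    hesk_process_messages($hesklang['user_profile_updated_success'], $_SERVER['PHP_SELF'], 'SUCCESS');
}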
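/**
 * Save an edited client account from the manage_users.php client form (POST).
 *
 * Flow: CSRF token check -> refuse self-edit -> validate the form via
 * hesk_validateUserInfo() -> reject a duplicate login for client accounts ->
 * rewrite the `clients` row -> replace the client's contract links
 * (`contractforclient`) with the POSTed `contract_id` list.
 *
 * hesk_error() and hesk_process_messages() redirect and stop the script, so
 * every statement after one of them only runs when that check passed.
 *
 * Globals: $hesk_settings (db_pfix), $hesklang (message texts).
 * Session: sets save_userdata while validating, clears save_userdata and
 *          userdata on success.
 *
 * @return void  Ends in a redirect to manage_users.php.
 */
function update_client()
{
    global $hesk_settings, $hesklang;

    /* A security check */
    hesk_token_check('POST');

    $_SESSION['save_userdata'] = TRUE;

    /* "or" binds after "=": $targetId receives the int, a zero/invalid id aborts */
    $targetId = intval(hesk_POST('userid')) or hesk_error("{$hesklang['int_error']}: {$hesklang['no_valid_id']}");

    /* Editing your own account must go through the "Profile" page */
    if ($targetId == $_SESSION['id']) {
        hesk_process_messages($hesklang['eyou'], 'profile.php', 'NOTICE');
    }

    $_SERVER['PHP_SELF'] = './manage_users.php';

    /* Validation errors redirect back to the referring form. The Referer header is
       client-supplied and may be missing; without it fall back to the list page
       instead of redirecting to an undefined value. NOTE(review): a redirect target
       taken from a request header is worth replacing with a fixed form URL once
       that URL is known. */
    $backUrl = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $_SERVER['PHP_SELF'];

    $myuser = hesk_validateUserInfo(0, $backUrl);
    $myuser['id'] = $targetId;

    $pfix = hesk_dbEscape($hesk_settings['db_pfix']);
    $idSql = intval($myuser['id']);

    /* Active flag as posted; an absent checkbox means inactive */
    $active = isset($_POST['prof_active']) ? $_POST['prof_active'] : "0";

    /* Check for duplicate usernames: any other client with the same login */
    if ($myuser['isclient'] == "1") {
        $res = hesk_dbQuery("SELECT `id` FROM `{$pfix}clients` WHERE `user` = '" . hesk_dbEscape($myuser['user']) . "' AND `id` != '{$idSql}' LIMIT 1");
        if (hesk_dbNumRows($res) > 0) {
            hesk_process_messages($hesklang['duplicate_user'], $backUrl);
        }
    }

    $sql = "UPDATE `{$pfix}clients` SET\n"
        . "\t`user`='" . hesk_dbEscape($myuser['user']) . "',\n"
        . " `name`='" . hesk_dbEscape($myuser['name']) . "',\n"
        . " `email`='" . hesk_dbEscape($myuser['email']) . "',\n"
        . " `address`='" . hesk_dbEscape($myuser['address']) . "',\n"
        . " `phonenumber`='" . hesk_dbEscape($myuser['phonenumber']) . "',\n"
        . " `poz_detyres`='" . hesk_dbEscape($myuser['poz_detyres']) . "',\n"
        . " `company_id`='" . hesk_dbEscape($myuser['company_id']) . "',\n"
        . " `active`='" . hesk_dbEscape($active) . "'\n\t"
        . (isset($myuser['pass']) ? ", `pass`='" . hesk_dbEscape($myuser['pass']) . "'" : '')
        . "\n\t WHERE `id`={$idSql} LIMIT 1";
    hesk_dbQuery($sql);

    /* Replace the contract links. Only a posted array is iterated (a missing or
       scalar contract_id used to raise a foreach warning), and nested values are
       skipped because they cannot be escaped as a single id. The delete and the
       inserts are not wrapped in a transaction, so a failed insert leaves the
       client with fewer links than before. */
    $contracts = (isset($_POST['contract_id']) && is_array($_POST['contract_id'])) ? $_POST['contract_id'] : array();

    hesk_dbQuery("DELETE FROM `{$pfix}contractforclient` WHERE `client_Id`='{$idSql}'");

    foreach ($contracts as $contract) {
        if (!is_scalar($contract)) {
            continue;
        }
        hesk_dbQuery("INSERT INTO `{$pfix}contractforclient` (\n\t\t\t`contract_Id`, \n\t\t\t`client_Id`\n\t\t\t)\n\t\t\tVALUES(\n\t\t\t'" . hesk_dbEscape($contract) . "', \n\t\t\t'{$idSql}'\n\t\t\t)");
    }

    unset($_SESSION['save_userdata']);
    unset($_SESSION['userdata']);

    hesk_process_messages($hesklang['user_profile_updated_success'], $_SERVER['PHP_SELF'], 'SUCCESS');
}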