public function save_user($user_id, $data, $from_public = false) { $use_master_key = $this->get_contact_master_key(); if ($from_public) { $user_id = 0; } else { if ($use_master_key && isset($data[$use_master_key]) && $data[$use_master_key]) { if (!module_user::can_i('edit', 'Contacts', 'Customer')) { set_error('Unable to edit contacts.'); return false; } } else { if (!self::can_i('edit', 'Users', 'Config')) { set_error('Unable to edit users.'); return false; } } $user_id = (int) $user_id; } $temp_user = array(); if ($user_id > 0) { // check permissions $temp_user = $this->get_user($user_id, true, false); if (!$temp_user || $temp_user['user_id'] != $user_id || isset($temp_user['_perms'])) { $user_id = false; } } if (!$user_id && !$from_public) { if ($use_master_key && isset($data[$use_master_key]) && $data[$use_master_key]) { if (!module_user::can_i('create', 'Contacts', 'Customer')) { set_error('Unable to create new contacts.'); return false; } } else { if (!self::can_i('create', 'Users', 'Config')) { set_error('Unable to create new users.'); return false; } } } else { if ($user_id == 1 && module_security::get_loggedin_id() != 1) { set_error('Sorry only the administrator can modify this account'); } } // check the customer id is valid assignment to someone who has these perms. if (!$from_public) { if (isset($data['customer_id']) && (int) $data['customer_id'] > 0) { $temp_customer = module_customer::get_customer($data['customer_id']); if (!$temp_customer || $temp_customer['customer_id'] != $data['customer_id']) { unset($data['customer_id']); } } if (isset($data['vendor_id']) && (int) $data['vendor_id'] > 0) { $temp_vendor = module_vendor::get_vendor($data['vendor_id']); if (!$temp_vendor || $temp_vendor['vendor_id'] != $data['vendor_id']) { unset($data['vendor_id']); } } } if (isset($data['password'])) { unset($data['password']); } // we do the password hash thing here. if (isset($data['password_new']) && strlen($data['password_new'])) { // an admin is trying to set the password for this account. // same permissions checks as on the user_admin_edit_login.php page if (!$user_id || isset($temp_user['password']) && !$temp_user['password'] || module_user::can_i('create', 'Users Passwords', 'Config') || isset($_REQUEST['reset_password']) && $_REQUEST['reset_password'] == module_security::get_auto_login_string($user_id)) { // we allow the admin to set a new password without typing in previous password. $data['password'] = $data['password_new']; } else { set_error('Sorry, no permissions to set a new password.'); } } else { if ($user_id && isset($data['password_new1']) && isset($data['password_new2']) && strlen($data['password_new1'])) { // the user is trying to change their password. // only do this if the user has edit password permissions and their password matches. if (module_user::can_i('edit', 'Users Passwords', 'Config') || $user_id == module_security::get_loggedin_id()) { if (isset($data['password_old']) && (md5($data['password_old']) == $temp_user['password'] || $data['password_old'] == $temp_user['password'])) { // correct old password // verify new password. if ($data['password_new1'] == $data['password_new2']) { $data['password'] = $data['password_new1']; } else { set_error('Verified password mismatch. Password unchanged.'); } } else { set_error('Old password does not match. Password unchanged.'); } } else { set_error('No permissions to change passwords'); } } } // and we finally hash our password if (isset($data['password']) && strlen($data['password']) > 0) { $data['password'] = md5($data['password']); // if you change md5 also change it in customer import. // todo - salt? meh. } $user_id = update_insert("user_id", $user_id, "user", $data); $use_master_key = $this->get_contact_master_key(); // this will be customer_id or supplier_id if ($use_master_key && (isset($data[$use_master_key]) && $data[$use_master_key])) { if ($user_id) { if (isset($data['customer_primary']) && $data['customer_primary']) { // update the customer/supplier to mark them as primary or not.. switch ($use_master_key) { case 'customer_id': module_customer::set_primary_user_id($data['customer_id'], $user_id); break; case 'vendor_id': module_vendor::set_primary_user_id($data['vendor_id'], $user_id); break; } } else { // check if this contact was the old customer/supplier primary and switch ($use_master_key) { case 'customer_id': $customer_data = module_customer::get_customer($data['customer_id']); if ($customer_data['primary_user_id'] == $user_id) { module_customer::set_primary_user_id($data['customer_id'], 0); } break; case 'vendor_id': $vendor_data = module_vendor::get_vendor($data['vendor_id']); if ($vendor_data['primary_user_id'] == $user_id) { module_vendor::set_primary_user_id($data['vendor_id'], 0); } break; } } } } if (!$from_public) { // hack for linked user accounts. if ($user_id && isset($data['link_customers']) && $data['link_customers'] == 'yes' && isset($data['link_user_ids']) && is_array($data['link_user_ids']) && isset($data['email']) && $data['email']) { $others = module_user::get_contacts(array('email' => $data['email'])); foreach ($data['link_user_ids'] as $link_user_id) { if (!(int) $link_user_id) { continue; } if ($link_user_id == $user_id) { continue; } // shouldnt happen foreach ($others as $other) { if ($other['user_id'] == $link_user_id) { // success! they'renot trying to hack us. $sql = "REPLACE INTO `" . _DB_PREFIX . "user_customer_rel` SET user_id = '" . (int) $link_user_id . "', customer_id = '" . (int) $other['customer_id'] . "', `primary` = " . (int) $user_id; query($sql); update_insert('user_id', $link_user_id, 'user', array('linked_parent_user_id' => $user_id)); } } } update_insert('user_id', $user_id, 'user', array('linked_parent_user_id' => $user_id)); } if ($user_id && isset($data['unlink']) && $data['unlink'] == 'yes') { $sql = "DELETE FROM `" . _DB_PREFIX . "user_customer_rel` WHERE user_id = '" . (int) $user_id . "'"; query($sql); update_insert('user_id', $user_id, 'user', array('linked_parent_user_id' => 0)); } handle_hook("address_block_save", $this, "physical", "user", "user_id", $user_id); handle_hook("address_block_save", $this, "postal", "user", "user_id", $user_id); if (class_exists('module_extra', false) && module_extra::is_plugin_enabled()) { module_extra::save_extras('user', 'user_id', $user_id); } // find current role / permissions $user_data = $this->get_user($user_id); $previous_user_roles = $user_data['roles']; $re_save_role_perms = false; // hack to support only 1 role (we may support multi-role in the future) // TODO: check we have permissions to set this role id, otherwise anyone can set their own role. if (isset($_REQUEST['role_id'])) { $sql = "DELETE FROM `" . _DB_PREFIX . "user_role` WHERE user_id = '" . (int) $user_id . "'"; query($sql); if ((int) $_REQUEST['role_id'] > 0) { if (!isset($previous_user_roles[$_REQUEST['role_id']])) { $re_save_role_perms = (int) $_REQUEST['role_id']; } $_REQUEST['role'] = array($_REQUEST['role_id'] => 1); } } // save users roles (support for multi roles in future - but probably will never happen) if (isset($_REQUEST['role']) && is_array($_REQUEST['role'])) { foreach ($_REQUEST['role'] as $role_id => $tf) { $this->add_user_to_role($user_id, $role_id); } } if ($re_save_role_perms) { // copy role permissiosn to user permissions $sql = "DELETE FROM `" . _DB_PREFIX . "user_perm` WHERE user_id = " . (int) $user_id; query($sql); // update - we are not relying on these permissions any more. // if the user has a role assigned, we use those permissions period // we ignore all permissions in the user_perm table if the user has a role. // if the user doesn't have a role, then we use these user_perm permissions. /*$security_role = module_security::get_security_role($re_save_role_perms); foreach($security_role['permissions'] as $security_permission_id => $d){ $sql = "INSERT INTO `"._DB_PREFIX."user_perm` SET user_id = ".(int)$user_id.", security_permission_id = '".(int)$security_permission_id."'"; foreach(module_security::$available_permissions as $perm){ $sql .= ", `".$perm."` = ".(int)$d[$perm]; } query($sql); }*/ } else { if (isset($_REQUEST['permission']) && is_array($_REQUEST['permission'])) { $sql = "DELETE FROM `" . _DB_PREFIX . "user_perm` WHERE user_id = '" . (int) $user_id . "'"; query($sql); // update permissions for this user. foreach ($_REQUEST['permission'] as $security_permission_id => $permissions) { $actions = array(); foreach (module_security::$available_permissions as $permission) { if (isset($permissions[$permission]) && $permissions[$permission]) { $actions[$permission] = 1; } } $sql = "REPLACE INTO `" . _DB_PREFIX . "user_perm` SET user_id = '" . (int) $user_id . "', security_permission_id = '" . (int) $security_permission_id . "' "; foreach ($actions as $permission => $tf) { $sql .= ", `" . mysql_real_escape_string($permission) . "` = 1"; } query($sql); } } } /*global $plugins; if($user_id && isset($data['user_type_id']) && $data['user_type_id'] == 1 && $data['site_id']){ // update the site. $plugins['site']->set_primary_user_id($data['site_id'],$user_id); }else{ //this use isn't (or isnt any more) the sites primary user. // unset this if he was the primary user before $site_data = $plugins['site']->get_site($data['site_id']); if(isset($site_data['primary_user_id']) && $site_data['primary_user_id'] == $user_id){ $plugins['site']->set_primary_user_id($data['site_id'],0); } }*/ // save the company information if it's available if (class_exists('module_company', false) && module_company::can_i('edit', 'Company') && module_company::is_enabled() && module_user::can_i('edit', 'User')) { if (isset($_REQUEST['available_user_company']) && is_array($_REQUEST['available_user_company'])) { $selected_companies = isset($_POST['user_company']) && is_array($_POST['user_company']) ? $_POST['user_company'] : array(); foreach ($_REQUEST['available_user_company'] as $company_id => $tf) { if (!isset($selected_companies[$company_id]) || !$selected_companies[$company_id]) { // remove user from this company module_company::delete_user($company_id, $user_id); } else { // add user to this company (if they are not already existing) module_company::add_user_to_company($company_id, $user_id); } } } } } module_cache::clear('user'); return $user_id; }
$customer_import = array('customer_name' => $callername, 'customer_extra' => array('Medium' => $referrermedium, 'Source' => $callsource, 'Campaign' => $utm_campaign, 'Content' => $utm_content, 'Term' => $utm_term, 'Query' => $keywords, 'Conversion URL' => $last_requested_url, 'IP Address' => $ip, 'Called In' => $datetime), 'address' => array('line_1' => '123 Test Street', 'line_2' => '', 'suburb' => $callercity, 'state' => $callerstate, 'post_code' => $callerzip), 'contact' => array('name' => $callername, 'last_name' => $callername, 'email' => $trackingnum, 'mobile' => $callernum)); include 'init.php'; // the UCM init code. $customer_id = $plugins['customer']->save_customer('new', array('customer_name' => $customer_import['customer_name'])); if (!$customer_id) { echo 'Failed to create customer'; exit; } if (!empty($customer_import['customer_extra'])) { foreach ($customer_import['customer_extra'] as $extra_key => $extra_val) { // Add the Medium extra field to that newly created customer $extra_db = array('extra_key' => $extra_key, 'extra' => $extra_val, 'owner_table' => 'customer', 'owner_id' => $customer_id); $extra_id = update_insert('extra_id', false, 'extra', $extra_db); } } if (!empty($customer_import['address'])) { // Save the address for the customer $customer_import['address']['owner_id'] = $customer_id; $customer_import['address']['owner_table'] = 'customer'; $customer_import['address']['address_type'] = 'physical'; module_address::save_address(false, $customer_import['address']); } if (!empty($customer_import['contact'])) { // add the contact details to this customer record $customer_import['contact']['customer_id'] = $customer_id; $contact_user_id = $plugins['user']->create_user($customer_import['contact'], 'signup'); if ($contact_user_id) { module_customer::set_primary_user_id($customer_id, $contact_user_id); } } echo "Created a customer with ID {$customer_id} and a contact with ID {$contact_user_id} ";
public static function handle_import_row($row, $debug, $add_to_group, $extra_options) { $debug_string = ''; if (!isset($row['name'])) { $row['name'] = ''; } if (!isset($row['url'])) { $row['url'] = ''; } if (isset($row['website_id']) && (int) $row['website_id'] > 0) { // check if this ID exists. $website = self::get_website($row['website_id']); if (!$website || $website['website_id'] != $row['website_id']) { $row['website_id'] = 0; } } if (!isset($row['website_id']) || !$row['website_id']) { $row['website_id'] = 0; } if (isset($row['name']) && strlen(trim($row['name']))) { // we have a website name! // search for a website based on name. $website = get_single('website', 'name', $row['name']); if ($website && $website['website_id'] > 0) { $row['website_id'] = $website['website_id']; } } else { if (isset($row['url'])) { $row['name'] = $row['url']; } } if (!$row['website_id'] && isset($row['url']) && strlen(trim($row['url']))) { // we have a url! find a match too. $website = get_single('website', 'url', $row['url']); if ($website && $website['website_id'] > 0) { $row['website_id'] = $website['website_id']; } } if (!strlen($row['name']) && !strlen($row['url'])) { $debug_string .= _l('No website data to import'); if ($debug) { echo $debug_string; } return false; } // duplicates. //print_r($extra_options);exit; if (isset($extra_options['duplicates']) && $extra_options['duplicates'] == 'ignore' && (int) $row['website_id'] > 0) { if ($debug) { $debug_string .= _l('Skipping import, duplicate of website %s', self::link_open($row['website_id'], true)); echo $debug_string; } // don't import duplicates return false; } $row['customer_id'] = 0; // todo - support importing of this id? nah if (isset($row['customer_name']) && strlen(trim($row['customer_name'])) > 0) { // check if this customer exists. $customer = get_single('customer', 'customer_name', $row['customer_name']); if ($customer && $customer['customer_id'] > 0) { $row['customer_id'] = $customer['customer_id']; $debug_string .= _l('Linked to customer %s', module_customer::link_open($row['customer_id'], true)) . ' '; } else { $debug_string .= _l('Create new customer: %s', htmlspecialchars($row['customer_name'])) . ' '; } } else { $debug_string .= _l('No customer') . ' '; } if ($row['website_id']) { $debug_string .= _l('Replace existing website: %s', self::link_open($row['website_id'], true)) . ' '; } else { $debug_string .= _l('Insert new website: %s', htmlspecialchars($row['url'])) . ' '; } $customer_primary_user_id = 0; if ($row['customer_id'] > 0 && isset($row['customer_contact_email']) && strlen(trim($row['customer_contact_email']))) { $users = module_user::get_users(array('customer_id' => $row['customer_id'] > 0)); foreach ($users as $user) { if (strtolower(trim($user['email'])) == strtolower(trim($row['customer_contact_email']))) { $customer_primary_user_id = $user['user_id']; $debug_string .= _l('Customer primary contact is: %s', module_user::link_open_contact($customer_primary_user_id, true)) . ' '; break; } } } if ($debug) { echo $debug_string; return true; } if (isset($extra_options['duplicates']) && $extra_options['duplicates'] == 'ignore' && $row['customer_id'] > 0) { // don't update customer record with new one. } else { if (isset($row['customer_name']) && strlen(trim($row['customer_name'])) > 0 || $row['customer_id'] > 0) { // update customer record with new one. $row['customer_id'] = update_insert('customer_id', $row['customer_id'], 'customer', $row); if (isset($row['customer_contact_fname']) || isset($row['customer_contact_email'])) { $data = array('customer_id' => $row['customer_id']); if (isset($row['customer_contact_fname'])) { $data['name'] = $row['customer_contact_fname']; } if (isset($row['customer_contact_lname'])) { $data['last_name'] = $row['customer_contact_lname']; } if (isset($row['customer_contact_email'])) { $data['email'] = $row['customer_contact_email']; } if (isset($row['customer_contact_phone'])) { $data['phone'] = $row['customer_contact_phone']; } $customer_primary_user_id = update_insert("user_id", $customer_primary_user_id, "user", $data); module_customer::set_primary_user_id($row['customer_id'], $customer_primary_user_id); } } } $website_id = (int) $row['website_id']; // check if this ID exists. $website = self::get_website($website_id); if (!$website || $website['website_id'] != $website_id) { $website_id = 0; } $website_id = update_insert("website_id", $website_id, "website", $row); // ad notes if possible if (isset($row['notes']) && strlen(trim($row['notes']))) { if (class_exists('module_note', false) && module_note::is_plugin_enabled()) { module_note::save_note(array('owner_table' => 'website', 'owner_id' => $website_id, 'note' => trim($row['notes']), 'note_time' => time())); } } // handle any extra fields. $extra = array(); foreach ($row as $key => $val) { if (!strlen(trim($val))) { continue; } if (strpos($key, 'extra:') !== false) { $extra_key = str_replace('extra:', '', $key); if (strlen($extra_key)) { $extra[$extra_key] = $val; } } } if ($extra) { foreach ($extra as $extra_key => $extra_val) { // does this one exist? $existing_extra = module_extra::get_extras(array('owner_table' => 'website', 'owner_id' => $website_id, 'extra_key' => $extra_key)); $extra_id = false; foreach ($existing_extra as $key => $val) { if ($val['extra_key'] == $extra_key) { $extra_id = $val['extra_id']; } } $extra_db = array('extra_key' => $extra_key, 'extra' => $extra_val, 'owner_table' => 'website', 'owner_id' => $website_id); $extra_id = (int) $extra_id; update_insert('extra_id', $extra_id, 'extra', $extra_db); } } foreach ($add_to_group as $group_id => $tf) { module_group::add_to_group($group_id, $website_id, 'website'); } return $website_id; }