Update user_edit.php

This commit is contained in:
FusionPBX 2016-08-09 16:13:56 -06:00 committed by GitHub
parent e32f82939d
commit 48b2b05f20
1 changed files with 250 additions and 254 deletions


@ -23,17 +23,20 @@
Contributor(s): Contributor(s):
Mark J Crane <markjcrane@fusionpbx.com> Mark J Crane <markjcrane@fusionpbx.com>
*/ */
include "root.php";
require_once "resources/require.php";
require_once "resources/check_auth.php";
if (permission_exists("user_account_setting_view")) { //includes
//access granted include "root.php";
} require_once "resources/require.php";
else { require_once "resources/check_auth.php";
echo "access denied";
return; //check permissions
} if (permission_exists("user_account_setting_view")) {
//access granted
}
else {
echo "access denied";
return;
}
//add multi-lingual support //add multi-lingual support
$language = new text; $language = new text;
@ -74,196 +77,197 @@ else {
} }
} }
if (count($_POST)>0 && $_POST["persistform"] != "1") { //process http post data
if (count($_POST) > 0 && $_POST["persistform"] != "1") {
//get the HTTP values and set as variables
$password = check_str($_POST["password"]); //get the HTTP values and set as variables
$password_confirm = check_str($_POST["password_confirm"]); $password = check_str($_POST["password"]);
$user_status = check_str($_POST["user_status"]); $password_confirm = check_str($_POST["password_confirm"]);
$user_template_name = check_str($_POST["user_template_name"]); $user_status = check_str($_POST["user_status"]);
$user_language = check_str($_POST["user_language"]); $user_template_name = check_str($_POST["user_template_name"]);
$user_time_zone = check_str($_POST["user_time_zone"]); $user_language = check_str($_POST["user_language"]);
$group_member = check_str($_POST["group_member"]); $user_time_zone = check_str($_POST["user_time_zone"]);
$group_member = check_str($_POST["group_member"]);
//check required values
if ($password != $password_confirm) { $msg_error = $text['message-password_mismatch']; } //check required values
if ($password != $password_confirm) { $msg_error = $text['message-password_mismatch']; }
if ($msg_error != '') {
$_SESSION["message"] = $msg_error; if ($msg_error != '') {
$_SESSION["message_mood"] = 'negative'; $_SESSION["message"] = $msg_error;
header("Location: user_edit.php"); $_SESSION["message_mood"] = 'negative';
exit; header("Location: user_edit.php");
} exit;
if (!check_password_strength($password, $text)) {
header("Location: user_edit.php");
exit;
}
//check to see if user language is set
$sql = "select count(*) as num_rows from v_user_settings ";
$sql .= "where user_setting_category = 'domain' ";
$sql .= "and user_setting_subcategory = 'language' ";
$sql .= "and user_uuid = '".$user_uuid."' ";
$prep_statement = $db->prepare(check_sql($sql));
if ($prep_statement) {
$prep_statement->execute();
$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
if ($row['num_rows'] == 0) {
$user_setting_uuid = uuid();
$sql = "insert into v_user_settings ";
$sql .= "(";
$sql .= "domain_uuid, ";
$sql .= "user_setting_uuid, ";
$sql .= "user_setting_category, ";
$sql .= "user_setting_subcategory, ";
$sql .= "user_setting_name, ";
$sql .= "user_setting_value, ";
$sql .= "user_setting_enabled, ";
$sql .= "user_uuid ";
$sql .= ") ";
$sql .= "values ";
$sql .= "(";
$sql .= "'".$_SESSION["domain_uuid"]."', ";
$sql .= "'".$user_setting_uuid."', ";
$sql .= "'domain', ";
$sql .= "'language', ";
$sql .= "'code', ";
$sql .= "'".$user_language."', ";
$sql .= "'true', ";
$sql .= "'".$user_uuid."' ";
$sql .= ")";
$db->exec(check_sql($sql));
} }
else {
if (strlen($user_language) == 0) { if (!check_password_strength($password, $text)) {
$sql = "delete from v_user_settings "; header("Location: user_edit.php");
$sql .= "where user_setting_category = 'domain' "; exit;
$sql .= "and user_setting_subcategory = 'language' "; }
$sql .= "and user_uuid = '".$user_uuid."' ";
//check to see if user language is set
$sql = "select count(*) as num_rows from v_user_settings ";
$sql .= "where user_setting_category = 'domain' ";
$sql .= "and user_setting_subcategory = 'language' ";
$sql .= "and user_uuid = '".$user_uuid."' ";
$prep_statement = $db->prepare(check_sql($sql));
if ($prep_statement) {
$prep_statement->execute();
$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
if ($row['num_rows'] == 0) {
$user_setting_uuid = uuid();
$sql = "insert into v_user_settings ";
$sql .= "(";
$sql .= "domain_uuid, ";
$sql .= "user_setting_uuid, ";
$sql .= "user_setting_category, ";
$sql .= "user_setting_subcategory, ";
$sql .= "user_setting_name, ";
$sql .= "user_setting_value, ";
$sql .= "user_setting_enabled, ";
$sql .= "user_uuid ";
$sql .= ") ";
$sql .= "values ";
$sql .= "(";
$sql .= "'".$_SESSION["domain_uuid"]."', ";
$sql .= "'".$user_setting_uuid."', ";
$sql .= "'domain', ";
$sql .= "'language', ";
$sql .= "'code', ";
$sql .= "'".$user_language."', ";
$sql .= "'true', ";
$sql .= "'".$user_uuid."' ";
$sql .= ")";
$db->exec(check_sql($sql)); $db->exec(check_sql($sql));
unset($sql);
} }
else { else {
$sql = "update v_user_settings set "; if (strlen($user_language) == 0) {
$sql .= "user_setting_value = '".$user_language."', "; $sql = "delete from v_user_settings ";
$sql .= "user_setting_enabled = 'true' "; $sql .= "where user_setting_category = 'domain' ";
$sql .= "where user_setting_category = 'domain' "; $sql .= "and user_setting_subcategory = 'language' ";
$sql .= "and user_setting_subcategory = 'language' "; $sql .= "and user_uuid = '".$user_uuid."' ";
$sql .= "and user_uuid = '".$user_uuid."' "; $db->exec(check_sql($sql));
$db->exec(check_sql($sql)); unset($sql);
}
else {
$sql = "update v_user_settings set ";
$sql .= "user_setting_value = '".$user_language."', ";
$sql .= "user_setting_enabled = 'true' ";
$sql .= "where user_setting_category = 'domain' ";
$sql .= "and user_setting_subcategory = 'language' ";
$sql .= "and user_uuid = '".$user_uuid."' ";
$db->exec(check_sql($sql));
}
} }
} }
}
//check to see if user time_zone is set
//check to see if user time_zone is set $sql = "select count(*) as num_rows from v_user_settings ";
$sql = "select count(*) as num_rows from v_user_settings "; $sql .= "where user_setting_category = 'domain' ";
$sql .= "where user_setting_category = 'domain' "; $sql .= "and user_setting_subcategory = 'time_zone' ";
$sql .= "and user_setting_subcategory = 'time_zone' "; $sql .= "and user_uuid = '".$user_uuid."' ";
$sql .= "and user_uuid = '".$user_uuid."' "; $prep_statement = $db->prepare(check_sql($sql));
$prep_statement = $db->prepare(check_sql($sql)); if ($prep_statement) {
if ($prep_statement) { $prep_statement->execute();
$prep_statement->execute(); $row = $prep_statement->fetch(PDO::FETCH_ASSOC);
$row = $prep_statement->fetch(PDO::FETCH_ASSOC); if ($row['num_rows'] == 0) {
if ($row['num_rows'] == 0) { $user_setting_uuid = uuid();
$user_setting_uuid = uuid(); $sql = "insert into v_user_settings ";
$sql = "insert into v_user_settings "; $sql .= "(";
$sql .= "("; $sql .= "domain_uuid, ";
$sql .= "domain_uuid, "; $sql .= "user_setting_uuid, ";
$sql .= "user_setting_uuid, "; $sql .= "user_setting_category, ";
$sql .= "user_setting_category, "; $sql .= "user_setting_subcategory, ";
$sql .= "user_setting_subcategory, "; $sql .= "user_setting_name, ";
$sql .= "user_setting_name, "; $sql .= "user_setting_value, ";
$sql .= "user_setting_value, "; $sql .= "user_setting_enabled, ";
$sql .= "user_setting_enabled, "; $sql .= "user_uuid ";
$sql .= "user_uuid "; $sql .= ") ";
$sql .= ") "; $sql .= "values ";
$sql .= "values "; $sql .= "(";
$sql .= "("; $sql .= "'".$_SESSION["domain_uuid"]."', ";
$sql .= "'".$_SESSION["domain_uuid"]."', "; $sql .= "'".$user_setting_uuid."', ";
$sql .= "'".$user_setting_uuid."', "; $sql .= "'domain', ";
$sql .= "'domain', "; $sql .= "'time_zone', ";
$sql .= "'time_zone', "; $sql .= "'name', ";
$sql .= "'name', "; $sql .= "'".$user_time_zone."', ";
$sql .= "'".$user_time_zone."', "; $sql .= "'true', ";
$sql .= "'true', "; $sql .= "'".$user_uuid."' ";
$sql .= "'".$user_uuid."' "; $sql .= ")";
$sql .= ")";
$db->exec(check_sql($sql));
}
else {
if (strlen($user_time_zone) == 0) {
$sql = "delete from v_user_settings ";
$sql .= "where user_setting_category = 'domain' ";
$sql .= "and user_setting_subcategory = 'time_zone' ";
$sql .= "and user_uuid = '".$user_uuid."' ";
$db->exec(check_sql($sql)); $db->exec(check_sql($sql));
unset($sql);
} }
else { else {
$sql = "update v_user_settings set "; if (strlen($user_time_zone) == 0) {
$sql .= "user_setting_value = '".$user_time_zone."', "; $sql = "delete from v_user_settings ";
$sql .= "user_setting_enabled = 'true' "; $sql .= "where user_setting_category = 'domain' ";
$sql .= "where user_setting_category = 'domain' "; $sql .= "and user_setting_subcategory = 'time_zone' ";
$sql .= "and user_setting_subcategory = 'time_zone' "; $sql .= "and user_uuid = '".$user_uuid."' ";
$sql .= "and user_uuid = '".$user_uuid."' "; $db->exec(check_sql($sql));
$db->exec(check_sql($sql)); unset($sql);
}
else {
$sql = "update v_user_settings set ";
$sql .= "user_setting_value = '".$user_time_zone."', ";
$sql .= "user_setting_enabled = 'true' ";
$sql .= "where user_setting_category = 'domain' ";
$sql .= "and user_setting_subcategory = 'time_zone' ";
$sql .= "and user_uuid = '".$user_uuid."' ";
$db->exec(check_sql($sql));
}
} }
} }
}
//sql update
//sql update $sql = "update v_users set ";
$sql = "update v_users set "; if (strlen($password) > 0 && $password_confirm == $password) {
if (strlen($password) > 0 && $password_confirm == $password) { //salt used with the password to create a one way hash
//salt used with the password to create a one way hash $salt = generate_password('20', '4');
$salt = generate_password('20', '4'); //set the password
//set the password $sql .= "password = '".md5($salt.$password)."', ";
$sql .= "password = '".md5($salt.$password)."', "; $sql .= "salt = '".$salt."', ";
$sql .= "salt = '".$salt."', "; }
} $sql .= "user_status = '$user_status' ";
$sql .= "user_status = '$user_status' "; $sql .= "where domain_uuid = '$domain_uuid' ";
$sql .= "and user_uuid = '$user_uuid' ";
if (permission_exists("user_account_setting_edit")) {
$count = $db->exec(check_sql($sql));
}
//if call center app is installed then update the user_status
if (is_dir($_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/app/call_center')) {
//update the user_status
$fp = event_socket_create($_SESSION['event_socket_ip_address'], $_SESSION['event_socket_port'], $_SESSION['event_socket_password']);
$switch_cmd .= "callcenter_config agent set status ".$username."@".$_SESSION['domain_name']." '".$user_status."'";
$switch_result = event_socket_request($fp, 'api '.$switch_cmd);
//update the user state
$cmd = "api callcenter_config agent set state ".$username."@".$_SESSION['domain_name']." Waiting";
$response = event_socket_request($fp, $cmd);
}
//redirect the browser
$_SESSION["message"] = $text['confirm-update'];
header("Location: ".PROJECT_PATH."/core/user_settings/user_edit.php");
return;
}
else {
$sql = "select * from v_users ";
$sql .= "where domain_uuid = '$domain_uuid' "; $sql .= "where domain_uuid = '$domain_uuid' ";
$sql .= "and user_uuid = '$user_uuid' "; $sql .= "and user_uuid = '$user_uuid' ";
if (permission_exists("user_account_setting_edit")) { $sql .= "and user_enabled = 'true' ";
$count = $db->exec(check_sql($sql)); $prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
foreach ($result as $row) {
//$password = $row["password"];
$user_status = $row["user_status"];
break; //limit to 1 row
} }
//if call center app is installed then update the user_status //get the groups the user is a member of
if (is_dir($_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/app/call_center')) { //group_members function defined in config.php
//update the user_status $group_members = group_members($db, $user_uuid);
$fp = event_socket_create($_SESSION['event_socket_ip_address'], $_SESSION['event_socket_port'], $_SESSION['event_socket_password']);
$switch_cmd .= "callcenter_config agent set status ".$username."@".$_SESSION['domain_name']." '".$user_status."'";
$switch_result = event_socket_request($fp, 'api '.$switch_cmd);
//update the user state
$cmd = "api callcenter_config agent set state ".$username."@".$_SESSION['domain_name']." Waiting";
$response = event_socket_request($fp, $cmd);
}
//redirect the browser
$_SESSION["message"] = $text['confirm-update'];
header("Location: ".PROJECT_PATH."/core/user_settings/user_edit.php");
return;
}
else {
$sql = "select * from v_users ";
$sql .= "where domain_uuid = '$domain_uuid' ";
$sql .= "and user_uuid = '$user_uuid' ";
$sql .= "and user_enabled = 'true' ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
foreach ($result as $row) {
//$password = $row["password"];
$user_status = $row["user_status"];
break; //limit to 1 row
} }
//get the groups the user is a member of
//group_members function defined in config.php
$group_members = group_members($db, $user_uuid);
}
//include the header //include the header
require_once "resources/header.php"; require_once "resources/header.php";
@ -392,13 +396,66 @@ else {
echo " </td>"; echo " </td>";
echo " </tr>"; echo " </tr>";
echo "</table>";
echo "<br>";
echo "<br>";
echo "<table $table_width cellpadding='0' cellspacing='0'>";
echo " <tr>\n"; echo " <tr>\n";
echo " <th class='th' colspan='2' align='left'>".$text['table2-title']."</th>\n"; echo " <td width='20%' class=\"vncell\" valign='top'>\n";
echo " ".$text['label-user_language']."\n";
echo " </td>\n";
echo " <td class=\"vtable\" align='left'>\n";
echo " <select id='user_language' name='user_language' class='formfld' style=''>\n";
echo " <option value=''></option>\n";
//get all language codes from database
$sql = "select * from v_languages order by language asc";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
foreach ($result as &$row) {
$language_codes[$row["code"]] = $row["language"];
}
unset($prep_statement, $result, $row);
foreach ($_SESSION['app']['languages'] as $code) {
$selected = ($code == $user_settings['domain']['language']['code']) ? "selected='selected'" : null;
echo " <option value='".$code."' ".$selected.">".$language_codes[$code]." [".$code."]</option>\n";
}
echo " </select>\n";
echo " <br />\n";
echo " ".$text['description-user_language']."<br />\n";
echo " </td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td width='20%' class=\"vncell\" valign='top'>\n";
echo " ".$text['label-time']."\n";
echo " </td>\n";
echo " <td class=\"vtable\" align='left'>\n";
echo " <select id='user_time_zone' name='user_time_zone' class='formfld' style=''>\n";
echo " <option value=''></option>\n";
//$list = DateTimeZone::listAbbreviations();
$time_zone_identifiers = DateTimeZone::listIdentifiers();
$previous_category = '';
$x = 0;
foreach ($time_zone_identifiers as $key => $row) {
$time_zone = explode("/", $row);
$category = $time_zone[0];
if ($category != $previous_category) {
if ($x > 0) {
echo " </optgroup>\n";
}
echo " <optgroup label='".$category."'>\n";
}
if ($row == $user_settings['domain']['time_zone']['name']) {
echo " <option value='".$row."' selected='selected'>".$row."</option>\n";
}
else {
echo " <option value='".$row."'>".$row."</option>\n";
}
$previous_category = $category;
$x++;
}
echo " </select>\n";
echo " <br />\n";
echo " ".$text['description-timezone']."<br />\n";
echo " </td>\n";
echo " </tr>\n"; echo " </tr>\n";
if ($_SESSION['user_status_display'] == "false") { if ($_SESSION['user_status_display'] == "false") {
@ -449,80 +506,19 @@ else {
echo " </tr>\n"; echo " </tr>\n";
} }
echo " <tr>\n";
echo " <td width='20%' class=\"vncell\" valign='top'>\n";
echo " ".$text['label-user_language']."\n";
echo " </td>\n";
echo " <td class=\"vtable\" align='left'>\n";
echo " <select id='user_language' name='user_language' class='formfld' style=''>\n";
echo " <option value=''></option>\n";
//get all language codes from database
$sql = "select * from v_languages order by language asc";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
foreach ($result as &$row) {
$language_codes[$row["code"]] = $row["language"];
}
unset($prep_statement, $result, $row);
foreach ($_SESSION['app']['languages'] as $code) {
$selected = ($code == $user_settings['domain']['language']['code']) ? "selected='selected'" : null;
echo " <option value='".$code."' ".$selected.">".$language_codes[$code]." [".$code."]</option>\n";
}
echo " </select>\n";
echo " <br />\n";
echo " ".$text['description-user_language']."<br />\n";
echo " </td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td width='20%' class=\"vncell\" valign='top'>\n";
echo " ".$text['label-time']."\n";
echo " </td>\n";
echo " <td class=\"vtable\" align='left'>\n";
echo " <select id='user_time_zone' name='user_time_zone' class='formfld' style=''>\n";
echo " <option value=''></option>\n";
//$list = DateTimeZone::listAbbreviations();
$time_zone_identifiers = DateTimeZone::listIdentifiers();
$previous_category = '';
$x = 0;
foreach ($time_zone_identifiers as $key => $row) {
$time_zone = explode("/", $row);
$category = $time_zone[0];
if ($category != $previous_category) {
if ($x > 0) {
echo " </optgroup>\n";
}
echo " <optgroup label='".$category."'>\n";
}
if ($row == $user_settings['domain']['time_zone']['name']) {
echo " <option value='".$row."' selected='selected'>".$row."</option>\n";
}
else {
echo " <option value='".$row."'>".$row."</option>\n";
}
$previous_category = $category;
$x++;
}
echo " </select>\n";
echo " <br />\n";
echo " ".$text['description-timezone']."<br />\n";
echo " </td>\n";
echo " </tr>\n";
echo "</table>"; echo "</table>";
echo "<br />"; echo "<br />";
echo "<div align='right'><input type='button' class='btn' value='".$text['button-save']."' onclick=\"if (check_password_strength(document.getElementById('password').value)) { submit_form(); }\"></div>"; echo "<div align='right'><input type='button' class='btn' value='".$text['button-save']."' onclick=\"if (check_password_strength(document.getElementById('password').value)) { submit_form(); }\"></div>";
echo "<br />"; echo "<br />";
echo "</form>"; echo "</form>";
//capture enter key to submit form
echo "<script>\n"; echo "<script>\n";
//capture enter key to submit form
echo " $(window).keypress(function(event){\n"; echo " $(window).keypress(function(event){\n";
echo " if (event.which == 13) { submit_form(); }\n"; echo " if (event.which == 13) { submit_form(); }\n";
echo " });\n"; echo " });\n";
// convert password fields to text
// convert password fields to text
echo " function submit_form() {\n"; echo " function submit_form() {\n";
echo " $('input:password').css('visibility','hidden');\n"; echo " $('input:password').css('visibility','hidden');\n";
echo " $('input:password').attr({type:'text'});\n"; echo " $('input:password').attr({type:'text'});\n";
@ -533,4 +529,4 @@ else {
//include the footer //include the footer
require_once "resources/footer.php"; require_once "resources/footer.php";
?> ?>
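Review bot: The `permission_exists("user_account_setting_edit")` check wrapped around `$count = $db->exec(check_sql($sql));` gates only the final v_users update, while the v_user_settings insert/update/delete statements for language and time_zone and the `callcenter_config agent set status` event-socket command that precede it run for any caller who passed the `user_account_setting_view` check at the top of the file. Unless view is meant to imply edit here, the whole POST-processing branch should be guarded once at its start, e.g. `if (!permission_exists("user_account_setting_edit")) { echo "access denied"; return; }` immediately after the `persistform` test, with the per-statement check then dropped. The same branch still stores credentials as `md5($salt.$password)`; `password_hash()`/`password_verify()` is the appropriate replacement, but the login-side verifier lives outside this file and would have to change in lockstep. Also, `$user_status` taken from POST is spliced into both the SQL string and the FreeSWITCH command string after only `check_str()`, whose escaping is not visible in this diff, and `$switch_cmd .=` appends to a variable never initialised in this hunk — `$switch_cmd = "callcenter_config agent set status ...";` is the evident intent.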