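Portions created by the Initial Developer are Copyright (C) 2008-2013
the Initial Developer. All Rights Reserved.

Contributor(s):
Mark J Crane
Luis Daniel Lucio Quiroz
*/

/*
	usersupdate.php - edit one user account

	Three requests are handled here, in this order:
	  1. GET  ?id=<user_uuid>&a=delete&group_uuid=<group_uuid>
	         removes one group membership and redirects back to this page
	  2. POST (any form submit whose persistform field is not "1")
	         saves the account, its language / time zone settings and an optional new group, then redirects
	  3. otherwise the edit form is rendered (its markup starts at the end of this section)

	Every query is built by string concatenation: the inputs go through check_str() and the finished
	statement through check_sql() (both come from the includes below). Keep that pattern for any query
	added here until the page is moved to bound parameters like the group list query further down.
*/
include "root.php";
require_once "resources/require.php";
require_once "resources/check_auth.php";

//page level access: any of the user permissions, or membership of the superadmin group
if (!permission_exists("user_add") && !permission_exists("user_edit") && !permission_exists("user_delete") && !if_group("superadmin")) {
	echo "access denied";
	return;
}

//add multi-lingual support
$language = new text;
$text = $language->get();

//insert, update or delete one user setting of the 'domain' category (language, time zone)
//  - no row yet and a value was submitted -> insert
//  - row exists and the value is empty    -> delete
//  - row exists and a value was submitted -> update
//an empty value with no existing row is a no-op (previously an empty setting row was inserted)
if (!function_exists('usersupdate_save_domain_setting')) {
	function usersupdate_save_domain_setting($db, $domain_uuid, $user_uuid, $subcategory, $name, $value) {
		//does the user already have a row for this subcategory?
		$sql = "select count(*) as num_rows from v_user_settings ";
		$sql .= "where user_setting_category = 'domain' ";
		$sql .= "and user_setting_subcategory = '".$subcategory."' ";
		$sql .= "and user_uuid = '".$user_uuid."' ";
		$prep_statement = $db->prepare(check_sql($sql));
		if (!$prep_statement) {
			return;
		}
		$prep_statement->execute();
		$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
		if ($row['num_rows'] == 0) {
			if (strlen($value) == 0) {
				//nothing stored and nothing submitted
				return;
			}
			$user_setting_uuid = uuid();
			$sql = "insert into v_user_settings ";
			$sql .= "(";
			$sql .= "domain_uuid, ";
			$sql .= "user_setting_uuid, ";
			$sql .= "user_setting_category, ";
			$sql .= "user_setting_subcategory, ";
			$sql .= "user_setting_name, ";
			$sql .= "user_setting_value, ";
			$sql .= "user_setting_enabled, ";
			$sql .= "user_uuid ";
			$sql .= ") ";
			$sql .= "values ";
			$sql .= "(";
			$sql .= "'".$domain_uuid."', ";
			$sql .= "'".$user_setting_uuid."', ";
			$sql .= "'domain', ";
			$sql .= "'".$subcategory."', ";
			$sql .= "'".$name."', ";
			$sql .= "'".$value."', ";
			$sql .= "'true', ";
			$sql .= "'".$user_uuid."' ";
			$sql .= ")";
			$db->exec(check_sql($sql));
		}
		elseif (strlen($value) == 0) {
			//an empty value clears the setting
			$sql = "delete from v_user_settings ";
			$sql .= "where user_setting_category = 'domain' ";
			$sql .= "and user_setting_subcategory = '".$subcategory."' ";
			$sql .= "and user_uuid = '".$user_uuid."' ";
			$db->exec(check_sql($sql));
		}
		else {
			$sql = "update v_user_settings set ";
			$sql .= "user_setting_value = '".$value."', ";
			$sql .= "user_setting_enabled = 'true' ";
			$sql .= "where user_setting_category = 'domain' ";
			$sql .= "and user_setting_subcategory = '".$subcategory."' ";
			$sql .= "and user_uuid = '".$user_uuid."' ";
			$db->exec(check_sql($sql));
		}
	}
}

//the user being edited: taken from the request and sanitized like every other value that reaches a query
if (isset($_REQUEST["id"]) && strlen($_REQUEST["id"]) > 0) {
	$user_uuid = check_str($_REQUEST["id"]);
}

//required to be a superadmin to update an account that is a member of the superadmin group
$superadmins = superadmin_list($db);
if (if_superadmin($superadmins, $user_uuid)) {
	if (!if_group("superadmin")) {
		echo "access denied";
		exit;
	}
}

//delete the group from the user
//NOTE(review): this is a state-changing action driven by a GET request and it carries no anti-CSRF
//token; if the project has a form token mechanism it should be required here. The delete link in the
//form markup is shown for group_member_delete (or superadmin) while this branch requires user_delete -
//confirm which permission is intended.
if (isset($_GET["a"]) && $_GET["a"] == "delete" && permission_exists("user_delete")) {
	//set the variables
	$group_uuid = check_str($_GET["group_uuid"]);
	//delete the group from the user
	$sql = "delete from v_group_users where 1 = 1 ";
	$sql .= "and group_uuid = '".$group_uuid."' ";
	$sql .= "and user_uuid = '".$user_uuid."' ";
	$db->exec(check_sql($sql));
	//redirect the user
	$_SESSION["message"] = $text['message-update'];
	header("Location: usersupdate.php?id=".$user_uuid);
	return;
}

//get the user settings
//NOTE(review): $user_settings is filled here but not read anywhere in this file; presumably the header
//include uses it - confirm before removing
$sql = "select * from v_user_settings ";
$sql .= "where user_uuid = '".$user_uuid."' ";
$sql .= "and user_setting_enabled = 'true' ";
$prep_statement = $db->prepare(check_sql($sql));
if ($prep_statement) {
	$prep_statement->execute();
	$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
	foreach ($result as $row) {
		$name = $row['user_setting_name'];
		$category = $row['user_setting_category'];
		$subcategory = $row['user_setting_subcategory'];
		if (strlen($subcategory) == 0) {
			$user_settings[$category][$name] = $row['user_setting_value'];
		}
		else {
			$user_settings[$category][$subcategory][$name] = $row['user_setting_value'];
		}
	}
}

//save the submitted form
if (count($_POST) > 0 && (!isset($_POST["persistform"]) || $_POST["persistform"] != "1")) {
	//get the HTTP values and set as variables
	$user_uuid = check_str($_REQUEST["id"]);
	$domain_uuid = check_str($_POST["domain_uuid"]);
	$username_old = check_str($_POST["username_old"]);
	$username = check_str($_POST["username"]);
	$password = check_str($_POST["password"]);
	$confirm_password = check_str($_POST["confirm_password"]);
	$user_status = check_str($_POST["user_status"]);
	$user_language = check_str($_POST["user_language"]);
	$user_time_zone = check_str($_POST["user_time_zone"]);
	$contact_uuid = check_str($_POST["contact_uuid"]);
	$user_enabled = check_str($_POST["user_enabled"]);
	$api_key = check_str($_POST["api_key"]);

	//check required values
	$msg_error = '';
	if ($username != $username_old) {
		//a new username must be unique within the domain
		$sql = "select count(*) as num_rows from v_users where domain_uuid = '".$domain_uuid."' and username = '".$username."'";
		$prep_statement = $db->prepare(check_sql($sql));
		if ($prep_statement) {
			$prep_statement->execute();
			$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
			if (0 < $row['num_rows']) {
				$msg_error = $text['message-username_exists'];
			}
		}
		unset($sql);
	}
	if ($password != $confirm_password) {
		$msg_error = $text['message-password_mismatch'];
	}
	if (strlen($msg_error) > 0) {
		$_SESSION["message"] = $msg_error;
		$_SESSION["message_mood"] = 'negative';
		header("Location: usersupdate.php?id=".$user_uuid);
		exit;
	}

	//language and time zone are stored in v_user_settings, not in v_users
	usersupdate_save_domain_setting($db, $domain_uuid, $user_uuid, 'language', 'code', $user_language);
	usersupdate_save_domain_setting($db, $domain_uuid, $user_uuid, 'time_zone', 'name', $user_time_zone);

	//assign the user to the group
	if (isset($_REQUEST["group_uuid_name"]) && strlen($_REQUEST["group_uuid_name"]) > 0) {
		//the form submits "group_uuid|group_name"; only the uuid is used and the name that drives the
		//privilege check (and is stored in v_group_users) is looked up from v_groups, so the check does
		//not depend on the name the browser sent alongside the uuid
		$group_data = explode('|', $_REQUEST["group_uuid_name"]);
		$group_uuid = check_str($group_data[0]);
		$group_name = '';
		$sql = "select group_name from v_groups ";
		$sql .= "where group_uuid = '".$group_uuid."' ";
		$prep_statement = $db->prepare(check_sql($sql));
		if ($prep_statement) {
			$prep_statement->execute();
			$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
			if ($row) {
				$group_name = $row['group_name'];
			}
		}
		unset($sql);

		//only a superadmin can add superadmins or admins, an admin can add admins,
		//anyone with access to this page can add the remaining groups
		if ($group_name == "superadmin") {
			$group_allowed = if_group("superadmin");
		}
		elseif ($group_name == "admin") {
			$group_allowed = if_group("superadmin") || if_group("admin");
		}
		else {
			//an unknown uuid yields an empty name and is not inserted
			$group_allowed = strlen($group_name) > 0;
		}

		if ($group_allowed) {
			$sql_insert = "insert into v_group_users ";
			$sql_insert .= "(";
			$sql_insert .= "group_user_uuid, ";
			$sql_insert .= "domain_uuid, ";
			$sql_insert .= "group_name, ";
			$sql_insert .= "group_uuid, ";
			$sql_insert .= "user_uuid ";
			$sql_insert .= ") ";
			$sql_insert .= "values ";
			$sql_insert .= "( ";
			$sql_insert .= "'".uuid()."', ";
			$sql_insert .= "'".$domain_uuid."', ";
			$sql_insert .= "'".$group_name."', ";
			$sql_insert .= "'".$group_uuid."', ";
			$sql_insert .= "'".$user_uuid."' ";
			$sql_insert .= ")";
			//check_sql() like every other statement on this page (this one used to skip it)
			$db->exec(check_sql($sql_insert));
		}
	}

	//change domain_uuid in group users and user settings tables
	if (permission_exists('user_domain')) {
		$sql = "update v_group_users set ";
		$sql .= "domain_uuid = '".$domain_uuid."' ";
		$sql .= "where user_uuid = '".$user_uuid."' ";
		$db->exec(check_sql($sql));
		$sql = "update v_user_settings set ";
		$sql .= "domain_uuid = '".$domain_uuid."' ";
		$sql .= "where user_uuid = '".$user_uuid."' ";
		$db->exec(check_sql($sql));
	}

	//update the account itself; only the columns that were submitted with a value are touched
	$sql = "update v_users set ";
	if (permission_exists('user_domain')) {
		$sql .= "domain_uuid = '".$domain_uuid."', ";
	}
	if (strlen($username) > 0 && $username != $username_old) {
		$sql .= "username = '".$username."', ";
	}
	if (strlen($password) > 0 && $confirm_password == $password) {
		//salt used with the password to create a one way hash
		//NOTE(review): md5(salt.password) is a weak password hash; password_hash()/password_verify()
		//should replace it, but the login check presumably verifies this exact scheme, so both sides
		//have to change together
		$salt = uuid();
		//set the password
		$sql .= "password = '".md5($salt.$password)."', ";
		$sql .= "salt = '".$salt."', ";
	}
	if (strlen($api_key) > 0) {
		$sql .= "api_key = '".$api_key."', ";
	}
	else {
		$sql .= "api_key = null, ";
	}
	$sql .= "user_status = '".$user_status."', ";
	$sql .= "user_enabled = '".$user_enabled."', ";
	if (strlen($contact_uuid) == 0) {
		$sql .= "contact_uuid = null ";
	}
	else {
		$sql .= "contact_uuid = '".$contact_uuid."' ";
	}
	$sql .= "where 1 = 1 ";
	//NOTE(review): without user_domain the update is scoped to $domain_uuid, which is the value the
	//form posted rather than the session's domain - confirm the bootstrap includes enforce the
	//caller's domain, otherwise scope on the session value here
	if (!permission_exists('user_domain')) {
		$sql .= "and domain_uuid = '".$domain_uuid."' ";
	}
	$sql .= "and user_uuid = '".$user_uuid."' ";
	$db->exec(check_sql($sql));

	//if the call center app is installed keep its agent tables and the switch in sync
	if (file_exists($_SERVER['DOCUMENT_ROOT'].PROJECT_PATH."/app/call_center/app_config.php")) {
		//update agent and tiers tables
		$sql = "update v_call_center_agents set agent_name = '".$username."' where domain_uuid = '".$domain_uuid."' and agent_name = '".$username_old."' ";
		$db->exec(check_sql($sql));
		unset($sql);
		$sql = "update v_call_center_tiers set agent_name = '".$username."' where domain_uuid = '".$domain_uuid."' and agent_name = '".$username_old."' ";
		$db->exec(check_sql($sql));
		unset($sql);
		//synchronize the configuration
		save_call_center_xml();
		//update the user_status on the switch
		//NOTE(review): $username and $user_status are embedded in the event socket command with only
		//check_str() applied - confirm that is sufficient quoting for an ESL api command
		$fp = event_socket_create($_SESSION['event_socket_ip_address'], $_SESSION['event_socket_port'], $_SESSION['event_socket_password']);
		$switch_cmd = "callcenter_config agent set status ".$username."@".$_SESSION['domains'][$domain_uuid]['domain_name']." '".$user_status."'";
		event_socket_request($fp, 'api '.$switch_cmd);
		//update the user state
		$cmd = "api callcenter_config agent set state ".$username."@".$_SESSION['domains'][$domain_uuid]['domain_name']." Waiting";
		event_socket_request($fp, $cmd);
	}

	//redirect the browser: the add button stays on this page, save returns to the list
	$_SESSION["message"] = $text['message-update'];
	if (isset($_REQUEST['submit']) && $_REQUEST['submit'] == $text['button-add']) {
		header("Location: usersupdate.php?id=".$user_uuid);
	}
	else {
		header("Location: index.php");
	}
	return;
}

//pre-populate the form
//NOTE(review): on this path $domain_uuid is not assigned anywhere in this file; presumably the includes
//above set it from the session - confirm, otherwise the domain restriction below matches nothing
$sql = "select * from v_users ";
$sql .= "where user_uuid = '".$user_uuid."' ";
if (!permission_exists('user_all')) {
	$sql .= "and domain_uuid = '".$domain_uuid."' ";
}
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
//the rows are only read, so no reference iteration (it left $row aliased to the last row)
foreach ($result as $row) {
	$domain_uuid = $row["domain_uuid"];
	$user_uuid = $row["user_uuid"];
	$username = $row["username"];
	$password = $row["password"];
	$api_key = $row["api_key"];
	$user_enabled = $row["user_enabled"];
	$contact_uuid = $row["contact_uuid"];
	$user_status = $row["user_status"];
}

//get the groups the user is a member of
//group_members function defined in config.php
$group_members = group_members($db, $user_uuid);

//include the header
require_once "resources/header.php";
$document['title'] = $text['title-user_edit'];

//show the content
$table_width ='width="100%"';
echo "";
echo "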
";
//NOTE(review): in this copy of the file the echo strings of the form contain only whitespace and text
//labels; the HTML tags that build the table appear to have been lost, so compare against the
//repository before changing any of this markup. The rows below: page header, description, then the
//user info section with username, password, confirm password and domain.
echo ""; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "
".$text['header-user_edit']."\n"; echo " "; echo " "; echo "
\n"; echo " ".$text['description-user_edit']."\n"; echo "
\n"; echo "
\n"; echo ""; echo "\n"; echo " \n"; echo "\n"; echo " "; echo " "; echo " "; echo " "; echo " "; echo " "; echo " "; echo " "; echo " "; echo " "; echo " "; echo " "; if (permission_exists('user_domain')) { echo "\n"; echo "\n"; echo "\n"; echo "\n"; } else { echo ""; } echo " "; echo " "; echo " "; echo " "; echo "
".$text['label-user_info']."
".$text['label-username']."";
//admins and superadmins get an editable username, everyone else sees it as text
//NOTE(review): $username comes from the database row and is printed without HTML escaping here -
//confirm that check_str() escapes on save, otherwise escape it at output
if (if_group("admin") || if_group("superadmin")) { echo " "; } else { echo " ".$username; } echo "
".$text['label-password']."
".$text['label-confirm_password']."
\n"; echo " ".$text['label-domain']."\n"; echo "\n"; echo " \n"; echo "
\n"; echo $text['description-domain_name']."\n"; echo "
".$text['label-groups']."";
//groups the user already belongs to; this is the one query on the page that uses bound parameters.
//$assigned_groups collects their uuids so the list of groups that can still be added excludes them
$sql = "SELECT * FROM v_group_users "; $sql .= "where domain_uuid=:domain_uuid "; $sql .= "and user_uuid=:user_uuid "; $prep_statement = $db->prepare(check_sql($sql)); $prep_statement->bindParam(':domain_uuid', $domain_uuid); $prep_statement->bindParam(':user_uuid', $user_uuid); $prep_statement->execute(); $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); $result_count = count($result); if ($result_count > 0) { echo "\n"; foreach($result as $field) { if (strlen($field['group_name']) > 0) { echo "\n"; echo " \n"; if ($result_count > 1) { echo " \n"; } echo "\n"; $assigned_groups[] = $field['group_uuid']; } } echo "
".$field['group_name']."\n";
//NOTE(review): the delete link is offered for group_member_delete (or superadmin) while the ?a=delete
//handler at the top of the file requires user_delete - confirm which permission is intended
if (permission_exists('group_member_delete') || if_group("superadmin")) { echo " $v_link_label_delete\n"; } echo "
\n"; } unset($sql, $prep_statement, $result, $result_count);
//groups that can still be added: the domain's own groups and the global (null domain) ones
//NOTE(review): "and" binds tighter than "or", so this reads as
//  domain_uuid = '<domain>' or (domain_uuid is null and group_uuid not in (...))
//and domain specific groups the user already belongs to are offered again; wrap the two domain
//conditions in parentheses. $assigned_groups is never assigned when the user has no groups yet, so
//sizeof() runs on an undefined variable on that visit - initialise it to an empty array beforehand.
$sql = "SELECT * FROM v_groups "; $sql .= "where domain_uuid = '".$domain_uuid."' "; $sql .= "or domain_uuid is null "; if (sizeof($assigned_groups) > 0) { $sql .= "and group_uuid not in ('".implode("','",$assigned_groups)."') "; } $sql .= "order by group_name asc "; $prep_statement = $db->prepare(check_sql($sql)); $prep_statement->execute(); $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); $result_count = count($result); if ($result_count > 0) { echo "
\n"; echo ""; echo "\n"; } unset($sql, $prep_statement, $result); echo "
"; echo "
"; echo "
";
//additional info section: contact, status, language, time zone, api key and the enabled flag,
//followed by the form buttons and the footer
echo ""; echo " \n"; echo " \n"; echo " \n"; echo " "; echo " "; echo " "; echo " "; if ($_SESSION['user_status_display'] == "false") {
	//hide the user_status when it is set to false
}
else { echo " \n"; echo " \n"; echo " \n"; echo " \n"; } echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; if (file_exists($_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/app/api/app_config.php')) { echo " "; echo " "; echo " "; echo " "; } echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo " "; echo " "; echo " "; echo "
".$text['label-additional_info']."
".$text['label-contact']."\n";
//contacts of the domain for the contact select; built by concatenation like the save path, so keep check_sql()
$sql = " select contact_uuid, contact_organization, contact_name_given, contact_name_family from v_contacts "; $sql .= " where domain_uuid = '".$domain_uuid."' "; $sql .= " order by contact_organization desc, contact_name_family asc, contact_name_given asc "; $prep_statement = $db->prepare(check_sql($sql)); $prep_statement->execute(); $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); unset ($prep_statement, $sql); echo "\n"; echo "
\n"; echo $text['description-contact']."\n"; if (strlen($contact_uuid) > 0) { echo " ".$text['description-contact_view']."\n"; } echo "
\n"; echo " ".$text['label-status']."\n"; echo " \n";
//$cmd is a client side string (a calls_active exec url with this.value appended) for changing the
//agent status from the page
//NOTE(review): it embeds $username and the domain name unescaped; the attribute markup it lands in is
//not visible in this copy, so confirm it is escaped for that JavaScript/attribute context
$cmd = "'".PROJECT_PATH."/app/calls_active/v_calls_exec.php?cmd=callcenter_config+agent+set+status+".$username."@".$_SESSION['domains'][$domain_uuid]['domain_name']."+'+this.value"; echo " \n"; echo "
\n"; echo " ".$text['description-status']."
\n"; echo "
\n"; echo " ".$text['label-user_language']."\n"; echo " \n"; echo " \n"; echo "
\n"; echo " ".$text['description-user_language']."
\n"; echo "
\n"; echo " ".$text['label-time_zone']."\n"; echo " \n"; echo " \n"; echo "
\n"; echo " ".$text['description-time_zone']."
\n"; echo "
".$text['label-api_key']."\n"; echo " "; echo " "; if (strlen($text['description-api_key']) > 0) { echo "
".$text['description-api_key']."
\n"; } echo "
\n"; echo " ".$text['label-enabled']."\n"; echo "\n"; echo " \n"; echo "
\n"; echo $text['description-enabled']."\n"; echo "
"; echo " "; echo " "; echo "
"; echo " "; echo "
"; echo "

"; echo "
"; //include the footer
require_once "resources/footer.php"; ?>