Bootswatch, Summernote, and Captcheck mods for Mods for HESK (mods-for-hesk.com). In use at support.netsyms.com.
  1. <?php
  2. /**
  3. *
  4. * This file is part of HESK - PHP Help Desk Software.
  5. *
  6. * (c) Copyright Klemen Stirn. All rights reserved.
  7. * https://www.hesk.com
  8. *
  9. * For the full copyright and license agreement information visit
  10. * https://www.hesk.com/eula.php
  11. *
  12. */
  13. define('IN_SCRIPT', 1);
  14. define('HESK_PATH', '../');
  15. define('PAGE_TITLE', 'ADMIN_PROFILE');
  16. /* Get all the required files and functions */
  17. require(HESK_PATH . 'hesk_settings.inc.php');
  18. require(HESK_PATH . 'inc/common.inc.php');
  19. require(HESK_PATH . 'inc/admin_functions.inc.php');
  20. require(HESK_PATH . 'inc/profile_functions.inc.php');
  21. require(HESK_PATH . 'inc/mail_functions.inc.php');
  22. hesk_load_database_functions();
  23. hesk_session_start();
  24. hesk_dbConnect();
  25. hesk_isLoggedIn();
  26. /* Check permissions */
  27. $can_view_tickets = hesk_checkPermission('can_view_tickets', 0);
  28. $can_reply_tickets = hesk_checkPermission('can_reply_tickets', 0);
  29. $can_view_unassigned = hesk_checkPermission('can_view_unassigned', 0);
  30. /* Update profile? */
  31. if (!empty($_POST['action'])) {
  32. // Demo mode
  33. if (defined('HESK_DEMO')) {
  34. hesk_process_messages($hesklang['sdemo'], 'profile.php', 'NOTICE');
  35. }
  36. // Update profile
  37. update_profile();
  38. } else {
  39. $res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id` = '" . intval($_SESSION['id']) . "' LIMIT 1");
  40. $tmp = hesk_dbFetchAssoc($res);
  41. foreach ($tmp as $k => $v) {
  42. if ($k == 'pass') {
  43. if ($v == '499d74967b28a841c98bb4baaabaad699ff3c079') {
  44. define('WARN_PASSWORD', true);
  45. }
  46. continue;
  47. } elseif ($k == 'categories') {
  48. continue;
  49. }
  50. $_SESSION['new'][$k] = $v;
  51. }
  52. }
  53. if (!isset($_SESSION['new']['username'])) {
  54. $_SESSION['new']['username'] = '';
  55. }
  56. /* Print header */
  57. require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
  58. /* Print admin navigation */
  59. require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
  60. ?>
  61. <section class="content">
  62. <div class="box">
  63. <div class="box-header with-border">
  64. <h1 class="box-title">
  65. <?php echo $hesklang['profile_for']; ?> <b><?php echo $_SESSION['new']['user']; ?></b>
  66. </h1>
  67. <div class="box-tools pull-right">
  68. <button type="button" class="btn btn-box-tool" data-widget="collapse">
  69. <i class="fa fa-minus"></i>
  70. </button>
  71. </div>
  72. </div>
  73. <div class="box-body">
  74. <?php echo $hesklang['req_marked_with']; ?> <span class="important">*</span>
  75. <?php
  76. /* This will handle error, success and notice messages */
  77. hesk_handle_messages();
  78. if (defined('WARN_PASSWORD')) {
  79. hesk_show_notice($hesklang['chdp2'], $hesklang['security']);
  80. }
  81. if ($hesk_settings['can_sel_lang']) {
  82. /* Update preferred language in the database? */
  83. if (isset($_GET['save_language'])) {
  84. $newlang = hesk_input(hesk_GET('language'));
  85. /* Only update if it's a valid language */
  86. if (isset($hesk_settings['languages'][$newlang])) {
  87. $newlang = ($newlang == HESK_DEFAULT_LANGUAGE) ? "NULL" : "'" . hesk_dbEscape($newlang) . "'";
  88. hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `language`=$newlang WHERE `id`='" . intval($_SESSION['id']) . "'");
  89. }
  90. }
  91. $str = '<form class="form-horizontal" role="form" method="get" action="profile.php">';
  92. $str .= '<input type="hidden" name="save_language" value="1" />';
  93. $str .= '<div class="form-group">';
  94. $str .= '<label for="language" class="col-sm-3 control-label">' . $hesklang['chol'] . ':</label>';
  95. if (!isset($_GET)) {
  96. $_GET = array();
  97. }
  98. foreach ($_GET as $k => $v) {
  99. if ($k == 'language' || $k == 'save_language') {
  100. continue;
  101. }
  102. $str .= '<input type="hidden" name="' . htmlentitieshesk_htmlentities($k) . '" value="' . hesk_htmlentities($v) . '" />';
  103. }
  104. $str .= '<div class="col-sm-9"><select class="form-control" name="language" onchange="this.form.submit()">';
  105. $str .= hesk_listLanguages(0);
  106. $str .= '</select></div>';
  107. $str .= '</div>'
  108. ?>
  109. <script language="javascript" type="text/javascript">
  110. document.write('<?php echo str_replace(array('"','<','=','>',"'"),array('\42','\74','\75','\76','\47'),$str . '</form>'); ?>');
  111. </script>
  112. <noscript>
  113. <?php
  114. echo $str . '<input type="submit" value="' . $hesklang['go'] . '" /></form>';
  115. ?>
  116. </noscript>
  117. <?php
  118. }
  119. ?>
  120. <form role="form" class="form-horizontal" method="post" action="profile.php" name="form1" data-toggle="validator">
  121. <?php hesk_profile_tab('new'); ?>
  122. </form>
  123. </div>
  124. </div>
  125. </section>
  126. <?php
  127. require_once(HESK_PATH . 'inc/footer.inc.php');
  128. exit();
  129. /*** START FUNCTIONS ***/
  130. function update_profile()
  131. {
  132. global $hesk_settings, $hesklang, $can_view_unassigned;
  133. /* A security check */
  134. hesk_token_check('POST');
  135. $sql_pass = '';
  136. $sql_username = '';
  137. $hesk_error_buffer = '';
  138. $_SESSION['new']['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_your_name'] . '</li>';
  139. $_SESSION['new']['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer = '<li>' . $hesklang['enter_valid_email'] . '</li>';
  140. $_SESSION['new']['signature'] = hesk_input(hesk_POST('signature'));
  141. /* Signature */
  142. if (strlen($_SESSION['new']['signature']) > 1000) {
  143. $hesk_error_buffer .= '<li>' . $hesklang['signature_long'] . '</li>';
  144. }
  145. /* Admins can change username */
  146. if ($_SESSION['isadmin']) {
  147. $_SESSION['new']['user'] = hesk_input(hesk_POST('user')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_username'] . '</li>';
  148. /* Check for duplicate usernames */
  149. $result = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user`='" . hesk_dbEscape($_SESSION['new']['user']) . "' AND `id`!='" . intval($_SESSION['id']) . "' LIMIT 1");
  150. if (hesk_dbNumRows($result) != 0) {
  151. $hesk_error_buffer .= '<li>' . $hesklang['duplicate_user'] . '</li>';
  152. } else {
  153. $sql_username = ",`user`='" . hesk_dbEscape($_SESSION['new']['user']) . "'";
  154. }
  155. }
  156. /* Change password? */
  157. $newpass = hesk_input(hesk_POST('newpass'));
  158. $passlen = strlen($newpass);
  159. if ($passlen > 0) {
  160. /* At least 5 chars? */
  161. if ($passlen < 5) {
  162. $hesk_error_buffer .= '<li>' . $hesklang['password_not_valid'] . '</li>';
  163. } /* Check password confirmation */
  164. else {
  165. $newpass2 = hesk_input(hesk_POST('newpass2'));
  166. if ($newpass != $newpass2) {
  167. $hesk_error_buffer .= '<li>' . $hesklang['passwords_not_same'] . '</li>';
  168. } else {
  169. $newpass_hash = hesk_Pass2Hash($newpass);
  170. if ($newpass_hash == '499d74967b28a841c98bb4baaabaad699ff3c079') {
  171. define('WARN_PASSWORD', true);
  172. }
  173. $sql_pass = ',`pass`=\'' . $newpass_hash . '\'';
  174. }
  175. }
  176. }
  177. /* After reply */
  178. $_SESSION['new']['afterreply'] = intval(hesk_POST('afterreply'));
  179. if ($_SESSION['new']['afterreply'] != 1 && $_SESSION['new']['afterreply'] != 2) {
  180. $_SESSION['new']['afterreply'] = 0;
  181. }
  182. $_SESSION['new']['notify_customer_new'] = isset($_POST['notify_customer_new']) ? 1 : 0;
  183. $_SESSION['new']['notify_customer_reply'] = isset($_POST['notify_customer_reply']) ? 1 : 0;
  184. $_SESSION['new']['show_suggested'] = isset($_POST['show_suggested']) ? 1 : 0;
  185. $_SESSION['new']['autoreload'] = isset($_POST['autoreload']) ? 1 : 0;
  186. if ($_SESSION['new']['autoreload']) {
  187. $_SESSION['new']['autoreload'] = intval(hesk_POST('reload_time'));
  188. if (hesk_POST('secmin') == 'min') {
  189. $_SESSION['new']['autoreload'] *= 60;
  190. }
  191. if ($_SESSION['new']['autoreload'] < 0 || $_SESSION['new']['autoreload'] > 65535) {
  192. $_SESSION['new']['autoreload'] = 30;
  193. }
  194. } else {
  195. hesk_setcookie('autorefresh', '');
  196. }
  197. /* Auto-start ticket timer */
  198. $_SESSION['new']['autostart'] = isset($_POST['autostart']) ? 1 : 0;
  199. /* Default calendar view */
  200. $_SESSION['new']['default_calendar_view'] = hesk_POST('default-calendar-view', 0);
  201. /* Notifications */
  202. if (!(!$_SESSION[$session_array]['isadmin'] && isset($_SESSION[$session_array]['heskprivileges'])
  203. && strpos($_SESSION[$session_array]['heskprivileges'], 'can_change_notification_settings') === false)) {
  204. $_SESSION['new']['notify_new_unassigned'] = empty($_POST['notify_new_unassigned']) || !$can_view_unassigned ? 0 : 1;
  205. $_SESSION['new']['notify_new_my'] = empty($_POST['notify_new_my']) ? 0 : 1;
  206. $_SESSION['new']['notify_reply_unassigned'] = empty($_POST['notify_reply_unassigned']) || !$can_view_unassigned ? 0 : 1;
  207. $_SESSION['new']['notify_reply_my'] = empty($_POST['notify_reply_my']) ? 0 : 1;
  208. $_SESSION['new']['notify_assigned'] = empty($_POST['notify_assigned']) ? 0 : 1;
  209. $_SESSION['new']['notify_note'] = empty($_POST['notify_note']) ? 0 : 1;
  210. $_SESSION['new']['notify_note_unassigned'] = empty($_POST['notify_note_unassigned']) ? 0 : 1;
  211. $_SESSION['new']['notify_pm'] = empty($_POST['notify_pm']) ? 0 : 1;
  212. $_SESSION['new']['notify_overdue_unassigned'] = empty($_POST['notify_overdue_unassigned']) ? 0 : 1;
  213. }
  214. /* Any errors? */
  215. if (strlen($hesk_error_buffer)) {
  216. /* Process the session variables */
  217. $_SESSION['new'] = hesk_stripArray($_SESSION['new']);
  218. $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
  219. hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
  220. } else {
  221. /* Update database */
  222. hesk_dbQuery(
  223. "UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET
  224. `name`='" . hesk_dbEscape($_SESSION['new']['name']) . "',
  225. `email`='" . hesk_dbEscape($_SESSION['new']['email']) . "',
  226. `signature`='" . hesk_dbEscape($_SESSION['new']['signature']) . "'
  227. $sql_username
  228. $sql_pass ,
  229. `afterreply`='" . intval($_SESSION['new']['afterreply']) . "' ,
  230. `autostart`='" . intval($_SESSION['new']['autostart']) . "' ,
  231. `autoreload`='".($_SESSION['new']['autoreload'])."' ,
  232. `notify_new_unassigned`='" . intval($_SESSION['new']['notify_new_unassigned']) . "' ,
  233. `notify_new_my`='" . intval($_SESSION['new']['notify_new_my']) . "' ,
  234. `notify_reply_unassigned`='" . intval($_SESSION['new']['notify_reply_unassigned']) . "' ,
  235. `notify_reply_my`='" . intval($_SESSION['new']['notify_reply_my']) . "' ,
  236. `notify_assigned`='" . intval($_SESSION['new']['notify_assigned']) . "' ,
  237. `notify_pm`='" . intval($_SESSION['new']['notify_pm']) . "',
  238. `notify_note`='" . intval($_SESSION['new']['notify_note']) . "',
  239. `notify_note_unassigned`='" . intval($_SESSION['new']['notify_note_unassigned']) . "',
  240. `notify_customer_new`='" . $_SESSION['new']['notify_customer_new'] . "',
  241. `notify_customer_reply`='" . $_SESSION['new']['notify_customer_reply'] . "',
  242. `notify_overdue_unassigned`='" . $_SESSION['new']['notify_overdue_unassigned'] . "',
  243. `show_suggested`='" . $_SESSION['new']['show_suggested'] . "',
  244. `default_calendar_view`=" . intval($_SESSION['new']['default_calendar_view']) . "
  245. WHERE `id`='" . intval($_SESSION['id']) . "'"
  246. );
  247. /* Process the session variables */
  248. $_SESSION['new'] = hesk_stripArray($_SESSION['new']);
  249. // Do we need a new session_verify tag?
  250. if (strlen($sql_username) && strlen($sql_pass)) {
  251. $_SESSION['session_verify'] = hesk_activeSessionCreateTag($_SESSION['new']['user'], $newpass_hash);
  252. } elseif (strlen($sql_pass)) {
  253. $_SESSION['session_verify'] = hesk_activeSessionCreateTag($_SESSION['user'], $newpass_hash);
  254. } elseif (strlen($sql_username)) {
  255. $res = hesk_dbQuery('SELECT `pass` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id` = '" . intval($_SESSION['id']) . "' LIMIT 1");
  256. $_SESSION['session_verify'] = hesk_activeSessionCreateTag($_SESSION['new']['user'], hesk_dbResult($res));
  257. }
  258. /* Update session variables */
  259. foreach ($_SESSION['new'] as $k => $v) {
  260. $_SESSION[$k] = $v;
  261. }
  262. unset($_SESSION['new']);
  263. hesk_process_messages($hesklang['profile_updated_success'], 'profile.php', 'SUCCESS');
  264. }
  265. } // End update_profile()
  266. ?>