'',
'email' => '',
'cleanpass' => '',
'user' => '',
'autoassign' => 'Y',
// Signature
'signature' => '',
// Permissions
'isadmin' => 1,
'active' => 1,
'categories' => array('1'),
'features' => array('can_view_tickets','can_reply_tickets','can_change_cat','can_assign_self','can_view_unassigned','can_view_online'),
// Preferences
'afterreply' => 0,
'autorefresh' => 0,
// Defaults
'autostart' => 1,
'notify_customer_new' => 1,
'notify_customer_reply' => 1,
'show_suggested' => 1,
// Notifications
'notify_new_unassigned' => 1,
'notify_new_my' => 1,
'notify_reply_unassigned' => 1,
'notify_reply_my' => 1,
'notify_assigned' => 1,
'notify_note' => 1,
'notify_pm' => 1,
'notify_note_unassigned' => 1,
);
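/*
 * Load the Mods for HESK settings and build the id => name map of categories
 * that pass hesk_okCategory() for the current session.
 */
$modsForHesk_settings = mfh_getSettings();

/* A list of all categories */
// The sort column is a stored setting that ends up inside a backtick-quoted
// identifier, where string escaping does not help. Keep identifier characters
// only, so a backtick or other punctuation in the stored value cannot close the
// identifier and change the statement.
$orderBy = preg_replace('/[^A-Za-z0-9_]/', '', (string) $modsForHesk_settings['category_order_column']);

$hesk_settings['categories'] = array();
$res = hesk_dbQuery('SELECT `id`,`name` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'categories` ORDER BY `'.$orderBy.'` ASC');
while ($row = hesk_dbFetchAssoc($res))
{
    // NOTE(review): the second argument (0) presumably asks hesk_okCategory() to
    // return a boolean instead of stopping with an error - confirm in its definition.
    if ( hesk_okCategory($row['id'], 0) )
    {
        $hesk_settings['categories'][$row['id']] = $row['name'];
    }
}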
/*
 * Staff without the admin flag may not hand out more than they hold themselves.
 */
if ( ! $_SESSION['isadmin'])
{
    /* Can't create admin users */
    // unset() is a no-op when the key is absent, so no isset() test is needed.
    // NOTE(review): hesk_validateUserInfo() decides `isadmin` from the posted
    // 'template' field, not from 'isadmin', so this unset is not what keeps a
    // non-admin from creating an administrator; that has to be enforced where
    // 'template' is read.
    unset($_POST['isadmin']);

    /* Can only add features he/she has access to */
    $ownFeatures = explode(',', $_SESSION['heskprivileges']);
    $hesk_settings['features'] = array_intersect($ownFeatures, $hesk_settings['features']);

    /* Can user modify auto-assign setting? Requires both assign permissions. */
    if ($hesk_settings['autoassign'])
    {
        $mayAssign = hesk_checkPermission('can_assign_self', 0) && hesk_checkPermission('can_assign_others', 0);
        if ( ! $mayAssign)
        {
            $hesk_settings['autoassign'] = 0;
        }
    }
}
/* Fill every form field that the session does not hold yet with its default */
foreach ($default_userdata as $k => $v)
{
    if ( isset($_SESSION['userdata'][$k]) )
    {
        // Value kept from a previous submit; leave it alone
        continue;
    }

    $_SESSION['userdata'][$k] = $v;
}

// Pass the merged form data through hesk_stripArray() before it is used
$_SESSION['userdata'] = hesk_stripArray($_SESSION['userdata']);
/* What should we do? */
if ( $action = hesk_REQUEST('a') )
{
if ($action == 'reset_form')
{
$_SESSION['edit_userdata'] = TRUE;
header('Location: ./manage_users.php');
}
elseif ($action == 'edit') {edit_user();}
elseif ( defined('HESK_DEMO') ) {hesk_process_messages($hesklang['ddemo'], 'manage_users.php', 'NOTICE');}
elseif ($action == 'new') {new_user();}
elseif ($action == 'save') {update_user();}
elseif ($action == 'remove') {remove();}
elseif ($action == 'autoassign') {toggle_autoassign();}
elseif ($action == 'active') {toggle_active();}
else {hesk_error($hesklang['invalid_action']);}
}
else
{
/* If one came from the Edit page make sure we reset user values */
if (isset($_SESSION['save_userdata']))
{
$_SESSION['userdata'] = $default_userdata;
unset($_SESSION['save_userdata']);
}
if (isset($_SESSION['edit_userdata']))
{
$_SESSION['userdata'] = $default_userdata;
unset($_SESSION['edit_userdata']);
}
/* Print header */
require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
/* Print main manage users page */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
|
|
|
|
|
|
$myuser['name'], 'user' => $myuser['user'], 'email' => $myuser['email']);
continue;
}
if ( isset($_SESSION['seluser']) && $myuser['id'] == $_SESSION['seluser'])
{
$color = 'admin_green';
unset($_SESSION['seluser']);
}
else
{
$color = $i ? 'admin_white' : 'admin_gray';
}
$tmp = $i ? 'White' : 'Blue';
$style = 'class="option'.$tmp.'OFF" onmouseover="this.className=\'option'.$tmp.'ON\'" onmouseout="this.className=\'option'.$tmp.'OFF\'"';
$i = $i ? 0 : 1;
/* User online? */
if ($hesk_settings['online'])
{
if (isset($hesk_settings['users_online'][$myuser['id']]))
{
$myuser['name'] = ' ' . $myuser['name'];
}
else
{
$myuser['name'] = ' ' . $myuser['name'];
}
}
/* To edit yourself go to "Profile" page, not here. */
if ($myuser['id'] == $_SESSION['id'])
{
$edit_code = '';
} elseif ($myuser['id'] == 1)
{
$edit_code = ' ';
} else
{
$edit_code = '';
}
if ($myuser['isadmin'])
{
$myuser['isadmin'] = ''.$hesklang['yes'].'';
}
else
{
$myuser['isadmin'] = ''.$hesklang['no'].'';
}
/* Deleting user with ID 1 (default administrator) is not allowed. Also don't allow the logged in user to be deleted or inactivated */
if ($myuser['id'] == 1 || $myuser['id'] == $_SESSION['id'])
{
$remove_code = ' ';
} else
{
$remove_code = ' ';
}
/* Is auto assign enabled? */
if ($hesk_settings['autoassign'])
{
if ($myuser['autoassign'])
{
$autoassign_code = '';
}
else
{
$autoassign_code = '';
}
}
else
{
$autoassign_code = '';
}
$activeMarkup = '';
if ($myuser['id'] != $_SESSION['id'] && $myuser['id'] != 1) {
/* Is the user active? */
if ($myuser['active']) {
$activeMarkup = '';
} else {
$activeMarkup = '';
}
}
$templateName = $hesklang['custom'];
if ($myuser['permission_template'] != -1) {
$result = hesk_dbQuery("SELECT `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."permission_templates` WHERE `id` = ".intval($myuser['permission_template']));
$row = hesk_dbFetchAssoc($result);
$templateName = $row['name'];
}
echo <<
$myuser[name] |
$myuser[email] |
$myuser[user] |
$templateName |
EOC;
if ($hesk_settings['rating'])
{
$alt = $myuser['rating'] ? sprintf($hesklang['rated'], sprintf("%01.1f", $myuser['rating']), ($myuser['ratingneg']+$myuser['ratingpos'])) : $hesklang['not_rated'];
echo ' | ';
}
echo <<$autoassign_code $edit_code $remove_code $activeMarkup
EOC;
} // End while
?>
'.$hesklang['online'].'
'.$hesklang['offline'];
}?>
0) {
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `manager` = 0 WHERE `id` IN (" . implode(',', $revokeCats) . ")");
}
}
hesk_dbQuery(
"UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."users` SET
`user`='".hesk_dbEscape($myuser['user'])."',
`name`='".hesk_dbEscape($myuser['name'])."',
`email`='".hesk_dbEscape($myuser['email'])."',
`signature`='".hesk_dbEscape($myuser['signature'])."'," . ( isset($myuser['pass']) ? "`pass`='".hesk_dbEscape($myuser['pass'])."'," : '' ) . "
`categories`='".hesk_dbEscape($myuser['categories'])."',
`isadmin`='".intval($myuser['isadmin'])."',
`active`='".intval($myuser['active'])."',
`autoassign`='".intval($myuser['autoassign'])."',
`heskprivileges`='".hesk_dbEscape($myuser['features'])."',
`afterreply`='".($myuser['afterreply'])."' ,
`autostart`='".($myuser['autostart'])."' ,
`notify_customer_new`='".($myuser['notify_customer_new'])."' ,
`notify_customer_reply`='".($myuser['notify_customer_reply'])."' ,
`show_suggested`='".($myuser['show_suggested'])."' ,
`notify_new_unassigned`='".($myuser['notify_new_unassigned'])."' ,
`notify_new_my`='".($myuser['notify_new_my'])."' ,
`notify_reply_unassigned`='".($myuser['notify_reply_unassigned'])."' ,
`notify_reply_my`='".($myuser['notify_reply_my'])."' ,
`notify_assigned`='".($myuser['notify_assigned'])."' ,
`notify_pm`='".($myuser['notify_pm'])."',
`notify_note`='".($myuser['notify_note'])."',
`notify_note_unassigned`='".($myuser['notify_note_unassigned'])."',
`autorefresh`=".intval($myuser['autorefresh']).",
`permission_template`=".intval($myuser['template'])."
WHERE `id`='".intval($myuser['id'])."' LIMIT 1");
// If they are now inactive, remove any manager rights
if (!$myuser['active']) {
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` SET `manager` = 0 WHERE `manager` = ".intval($myuser['id']));
}
unset($_SESSION['save_userdata']);
unset($_SESSION['userdata']);
hesk_process_messages( $hesklang['user_profile_updated_success'],$_SERVER['PHP_SELF'],'SUCCESS');
} // End update_profile()
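/**
 * Validate the posted staff-account form and return the cleaned values.
 *
 * Reads name, email, user, template, signature, autoassign, active, categories,
 * features, newpass/newpass2 and the preference and notification checkboxes from
 * the POST data. The collected values are copied to $_SESSION['userdata'] so the
 * form can be re-populated; when any check failed, hesk_process_messages() is
 * called with $redirect_to.
 *
 * The administrator flag is only granted when the acting session is itself an
 * administrator, because it is derived from the posted 'template' field and the
 * page-level guard only removes $_POST['isadmin'].
 *
 * @param int    $pass_required non-zero when a password must be supplied
 * @param string $redirect_to   target handed to hesk_process_messages() on error
 * @return array the validated user data
 */
function hesk_validateUserInfo($pass_required = 1, $redirect_to = './manage_users.php')
{
    global $hesk_settings, $hesklang;

    $hesk_error_buffer = '';
    $myuser = array();

    $myuser['name'] = hesk_input( hesk_POST('name') ) or $hesk_error_buffer .= '' . $hesklang['enter_real_name'] . '';
    $myuser['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer .= '' . $hesklang['enter_valid_email'] . '';
    $myuser['user'] = hesk_input( hesk_POST('user') ) or $hesk_error_buffer .= '' . $hesklang['enter_username'] . '';

    // Template '1' is what turns the account into an administrator. A caller that
    // is not an administrator must not be able to select it, whatever form the
    // value is posted in; fall back to -1, which the user list shows as "custom".
    $requestedTemplate = hesk_POST('template');
    if (empty($_SESSION['isadmin']) && ($requestedTemplate == '1' || intval($requestedTemplate) === 1))
    {
        $requestedTemplate = '-1';
    }

    $myuser['isadmin'] = $requestedTemplate == '1' ? 1 : 0;
    $myuser['template'] = $requestedTemplate;
    $myuser['signature'] = hesk_input( hesk_POST('signature') );
    $myuser['autoassign'] = hesk_POST('autoassign') == 'Y' ? 1 : 0;
    $myuser['active'] = empty($_POST['active']) ? 0 : 1;
    $myuser['can_change_notification_settings'] = empty($_POST['can_change_notification_settings']) ? 0 : 1;

    /* If it's not admin at least one category and feature is required */
    $myuser['categories'] = array();
    $myuser['features'] = array();

    if ($myuser['isadmin']==0)
    {
        if (empty($_POST['categories']) || ! is_array($_POST['categories']) )
        {
            $hesk_error_buffer .= '' . $hesklang['asign_one_cat'] . '';
        }
        else
        {
            // NOTE(review): ids are only cast to int here; they are not compared with
            // $hesk_settings['categories'] (the categories the acting user passed
            // hesk_okCategory() for). Confirm whether that restriction is intended.
            foreach ($_POST['categories'] as $tmp)
            {
                if (is_array($tmp))
                {
                    continue;
                }

                if ($tmp = intval($tmp))
                {
                    $myuser['categories'][] = $tmp;
                }
            }
        }

        if (empty($_POST['features']) || ! is_array($_POST['features']) )
        {
            $hesk_error_buffer .= '' . $hesklang['asign_one_feat'] . '';
        }
        else
        {
            // Accept only features from the allowed list; the comparison is strict so
            // a posted value can never match through type juggling.
            foreach ($_POST['features'] as $tmp)
            {
                if (in_array($tmp, $hesk_settings['features'], true))
                {
                    $myuser['features'][] = $tmp;
                }
            }
        }
    }

    if (strlen($myuser['signature'])>255)
    {
        $hesk_error_buffer .= '' . $hesklang['signature_long'] . '';
    }

    /* Password */
    $myuser['cleanpass'] = '';

    $newpass = hesk_input( hesk_POST('newpass') );
    $passlen = strlen($newpass);

    if ($pass_required || $passlen > 0)
    {
        /* At least 5 chars? */
        if ($passlen < 5)
        {
            $hesk_error_buffer .= '' . $hesklang['password_not_valid'] . '';
        }
        /* Check password confirmation */
        else
        {
            $newpass2 = hesk_input( hesk_POST('newpass2') );

            // Strict comparison: with != two different numeric-looking strings such
            // as "100000" and "1.0e5" would be treated as the same password.
            if ($newpass !== $newpass2)
            {
                $hesk_error_buffer .= '' . $hesklang['passwords_not_same'] . '';
            }
            else
            {
                $myuser['pass'] = hesk_Pass2Hash($newpass);
                $myuser['cleanpass'] = $newpass;
            }
        }
    }

    /* After reply: only 0, 1 and 2 are accepted */
    $myuser['afterreply'] = intval( hesk_POST('afterreply') );
    if ($myuser['afterreply'] != 1 && $myuser['afterreply'] != 2)
    {
        $myuser['afterreply'] = 0;
    }

    $myuser['autorefresh'] = intval(hesk_POST('autorefresh'));

    // Defaults
    $myuser['autostart'] = isset($_POST['autostart']) ? 1 : 0;
    $myuser['notify_customer_new'] = isset($_POST['notify_customer_new']) ? 1 : 0;
    $myuser['notify_customer_reply'] = isset($_POST['notify_customer_reply']) ? 1 : 0;
    $myuser['show_suggested'] = isset($_POST['show_suggested']) ? 1 : 0;

    /* Notifications */
    $myuser['notify_new_unassigned'] = empty($_POST['notify_new_unassigned']) ? 0 : 1;
    $myuser['notify_new_my'] = empty($_POST['notify_new_my']) ? 0 : 1;
    $myuser['notify_reply_unassigned'] = empty($_POST['notify_reply_unassigned']) ? 0 : 1;
    $myuser['notify_reply_my'] = empty($_POST['notify_reply_my']) ? 0 : 1;
    $myuser['notify_assigned'] = empty($_POST['notify_assigned']) ? 0 : 1;
    $myuser['notify_note'] = empty($_POST['notify_note']) ? 0 : 1;
    $myuser['notify_pm'] = empty($_POST['notify_pm']) ? 0 : 1;
    $myuser['notify_note_unassigned'] = empty($_POST['notify_note_unassigned']) ? 0 : 1;

    /* Save entered info in session so we don't lose it in case of errors */
    // NOTE(review): at this point $myuser can hold both 'pass' (the hash) and
    // 'cleanpass' (the password as typed), so both are written to the session
    // store. Check whether the form needs them before keeping this.
    $_SESSION['userdata'] = $myuser;

    /* Any errors */
    if (strlen($hesk_error_buffer))
    {
        if ($myuser['isadmin'])
        {
            // Preserve default staff data for the form
            global $default_userdata;
            $_SESSION['userdata']['features'] = $default_userdata['features'];
            $_SESSION['userdata']['categories'] = $default_userdata['categories'];
        }

        $hesk_error_buffer = $hesklang['rfm'].'
';
        hesk_process_messages($hesk_error_buffer,$redirect_to);
    }

    // "can_unban_emails" feature also enables "can_ban_emails"
    if ( in_array('can_unban_emails', $myuser['features']) && ! in_array('can_ban_emails', $myuser['features']) )
    {
        $myuser['features'][] = 'can_ban_emails';
    }

    return $myuser;
} // End hesk_validateUserInfo()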
/**
 * Delete the staff account named by the "id" query parameter.
 *
 * Runs after hesk_token_check(). Account 1 (the default administrator) and the
 * account of the logged-in user are refused. Before the row is deleted the user
 * is removed as category manager and their tickets are set to owner 0.
 *
 * NOTE(review): nothing in this function looks at the role of the caller or of
 * the target account; any such restriction has to come from the page-level
 * permission check, which is not visible here - confirm.
 */
function remove()
{
    global $hesk_settings, $hesklang;

    /* A security check */
    hesk_token_check();

    $targetId = intval( hesk_GET('id') );
    if ( ! $targetId)
    {
        hesk_error($hesklang['no_valid_id']);
    }

    /* You can't delete the default user */
    if ($targetId == 1)
    {
        hesk_process_messages($hesklang['cant_del_admin'],'./manage_users.php');
    }

    /* You can't delete your own account (the one you are logged in) */
    if ($targetId == $_SESSION['id'])
    {
        hesk_process_messages($hesklang['cant_del_own'],'./manage_users.php');
    }

    // $targetId is an integer from intval(), so it can be placed in the SQL directly
    $prefix = hesk_dbEscape($hesk_settings['db_pfix']);

    // Revoke manager rights
    hesk_dbQuery("UPDATE `{$prefix}categories` SET `manager` = 0 WHERE `manager` = {$targetId}");

    /* Un-assign all tickets for this user */
    hesk_dbQuery("UPDATE `{$prefix}tickets` SET `owner`=0 WHERE `owner`='{$targetId}'");

    /* Delete user info */
    hesk_dbQuery("DELETE FROM `{$prefix}users` WHERE `id`='{$targetId}'");

    // Exactly one row must have gone; anything else means the id matched no user
    if (hesk_dbAffectedRows() != 1)
    {
        hesk_process_messages($hesklang['int_error'].': '.$hesklang['user_not_found'],'./manage_users.php');
    }

    hesk_process_messages($hesklang['sel_user_removed'],'./manage_users.php','SUCCESS');
} // End remove()
/**
 * Switch auto-assign on or off for the staff account named by the "id" query
 * parameter; a non-zero "s" parameter switches it on.
 *
 * Runs after hesk_token_check() and remembers the account in
 * $_SESSION['seluser'] so the list can highlight it.
 *
 * NOTE(review): the handler does not read $hesk_settings['autoassign'], which
 * the page sets to 0 for staff who may not change auto-assign; confirm that
 * hiding the control is not the only restriction.
 */
function toggle_autoassign()
{
    global $hesk_settings, $hesklang;

    /* A security check */
    hesk_token_check();

    $targetId = intval( hesk_GET('id') );
    if ( ! $targetId)
    {
        hesk_error($hesklang['no_valid_id']);
    }
    $_SESSION['seluser'] = $targetId;

    $switchOn = (bool) intval( hesk_GET('s') );
    $autoassign = $switchOn ? 1 : 0;
    $message = $switchOn ? $hesklang['uaaon'] : $hesklang['uaaoff'];

    /* Update auto-assign settings */
    $prefix = hesk_dbEscape($hesk_settings['db_pfix']);
    hesk_dbQuery("UPDATE `{$prefix}users` SET `autoassign`='{$autoassign}' WHERE `id`='{$targetId}'");

    // Exactly one row must change; anything else is reported as "user not found"
    if (hesk_dbAffectedRows() != 1)
    {
        hesk_process_messages($hesklang['int_error'].': '.$hesklang['user_not_found'],'./manage_users.php');
    }

    hesk_process_messages($message,'./manage_users.php','SUCCESS');
} // End toggle_autoassign()
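/**
 * Activate or deactivate the staff account named by the "id" query parameter;
 * a non-zero "s" parameter activates it.
 *
 * Runs after hesk_token_check(). The logged-in user cannot be toggled, and
 * account 1 (the default administrator) cannot be deactivated: the user list
 * already hides the control for both, and the same rule is enforced here so it
 * does not depend on which links the page renders. Deactivating also revokes
 * category manager rights and clears auto-assign and all notification flags.
 */
function toggle_active()
{
    global $hesk_settings, $hesklang;

    /* Security check */
    hesk_token_check();

    $myuser = intval(hesk_GET('id')) or hesk_error($hesklang['no_valid_id']);
    $_SESSION['seluser'] = $myuser;

    if ($myuser == $_SESSION['id'])
    {
        //-- You can't deactivate yourself!
        hesk_process_messages($hesklang['self_deactivation'], './manage_users.php');
    }

    $activate = (bool) intval(hesk_GET('s'));

    if ( ! $activate && $myuser == 1)
    {
        // The default administrator must stay active; the list offers no such link
        hesk_process_messages($hesklang['invalid_action'], './manage_users.php');
    }

    $prefix = hesk_dbEscape($hesk_settings['db_pfix']);

    if ($activate)
    {
        $active = 1;
        $tmp = $hesklang['user_activated'];
        $notificationSql = "";
    }
    else
    {
        $active = 0;
        $tmp = $hesklang['user_deactivated'];

        // Revoke any manager rights
        hesk_dbQuery("UPDATE `".$prefix."categories` SET `manager` = 0 WHERE `manager` = ".$myuser);

        // An inactive account should not be auto-assigned tickets or be notified
        $notificationSql = ", `autoassign` = 0, `notify_new_unassigned` = 0, `notify_new_my` = 0, `notify_reply_unassigned` = 0,"
            . " `notify_reply_my` = 0, `notify_assigned` = 0, `notify_pm` = 0, `notify_note` = 0, `notify_note_unassigned` = 0";
    }

    // $active and $myuser are integers, so they can be placed in the SQL directly
    hesk_dbQuery("UPDATE `".$prefix."users` SET `active` = '".$active."'".$notificationSql." WHERE `id` = '".$myuser."'");

    // Exactly one row must change; anything else is reported as "user not found"
    if (hesk_dbAffectedRows() != 1) {
        hesk_process_messages($hesklang['int_error'].': '.$hesklang['user_not_found'],'./manage_users.php');
    }

    hesk_process_messages($tmp,'./manage_users.php','SUCCESS');
}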
?>