0, 'agendaWeek' => 1, 'agendaDay' => 2, ); $default_view = $calendar_view_array[$modsForHesk_settings['default_calendar_view']]; /* Set default values */ $default_userdata = array( // Profile info 'name' => '', 'email' => '', 'cleanpass' => '', 'user' => '', 'autoassign' => 'Y', // Signature 'signature' => '', // Permissions 'isadmin' => 1, 'active' => 1, 'categories' => array('1'), 'features' => array('can_view_tickets', 'can_reply_tickets', 'can_change_cat', 'can_assign_self', 'can_view_unassigned', 'can_view_online'), // Preferences 'afterreply' => 0, 'autorefresh' => 0, // Defaults 'autostart' => 1, 'notify_customer_new' => 1, 'notify_customer_reply' => 1, 'show_suggested' => 1, 'default_calendar_view' => $default_view, // Notifications 'notify_new_unassigned' => 1, 'notify_new_my' => 1, 'notify_reply_unassigned' => 1, 'notify_reply_my' => 1, 'notify_assigned' => 1, 'notify_note' => 1, 'notify_pm' => 1, 'notify_note_unassigned' => 1, 'notify_overdue_unassigned' => 0, ); /* A list of all categories */ $orderBy = $modsForHesk_settings['category_order_column']; $hesk_settings['categories'] = array(); $res = hesk_dbQuery('SELECT `id`,`name` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'categories` ORDER BY `' . $orderBy . '` ASC'); while ($row = hesk_dbFetchAssoc($res)) { if (hesk_okCategory($row['id'], 0)) { $hesk_settings['categories'][$row['id']] = $row['name']; } } /* Non-admin users may not create users with more permissions than they have */ if (!$_SESSION['isadmin']) { /* Can't create admin users */ if (isset($_POST['isadmin'])) { unset($_POST['isadmin']); } /* Can only add features he/she has access to */ $hesk_settings['features'] = array_intersect(explode(',', $_SESSION['heskprivileges']), $hesk_settings['features']); /* Can user modify auto-assign setting? 
*/ if ($hesk_settings['autoassign'] && (!hesk_checkPermission('can_assign_self', 0) || !hesk_checkPermission('can_assign_others', 0))) { $hesk_settings['autoassign'] = 0; } } /* Use any set values, default otherwise */ foreach ($default_userdata as $k => $v) { if (!isset($_SESSION['userdata'][$k])) { $_SESSION['userdata'][$k] = $v; } } $_SESSION['userdata'] = hesk_stripArray($_SESSION['userdata']); /* What should we do? */ if ($action = hesk_REQUEST('a')) { if ($action == 'reset_form') { $_SESSION['edit_userdata'] = TRUE; header('Location: ./manage_users.php'); } elseif ($action == 'edit') { edit_user(); } elseif (defined('HESK_DEMO')) { hesk_process_messages($hesklang['ddemo'], 'manage_users.php', 'NOTICE'); } elseif ($action == 'new') { new_user(); } elseif ($action == 'save') { update_user(); } elseif ($action == 'remove') { remove(); } elseif ($action == 'autoassign') { toggle_autoassign(); } elseif ($action == 'active') { toggle_active(); } else { hesk_error($hesklang['invalid_action']); } } else { /* If one came from the Edit page make sure we reset user values */ if (isset($_SESSION['save_userdata'])) { $_SESSION['userdata'] = $default_userdata; unset($_SESSION['save_userdata']); } if (isset($_SESSION['edit_userdata'])) { $_SESSION['userdata'] = $default_userdata; unset($_SESSION['edit_userdata']); } /* Print header */ require_once(HESK_PATH . 'inc/headerAdmin.inc.php'); require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); ?>
*
$myuser['name'], 'user' => $myuser['user'], 'email' => $myuser['email']); continue; } if (isset($_SESSION['seluser']) && $myuser['id'] == $_SESSION['seluser']) { $color = 'admin_green'; unset($_SESSION['seluser']); } else { $color = $i ? 'admin_white' : 'admin_gray'; } $tmp = $i ? 'White' : 'Blue'; $style = 'class="option' . $tmp . 'OFF" onmouseover="this.className=\'option' . $tmp . 'ON\'" onmouseout="this.className=\'option' . $tmp . 'OFF\'"'; $i = $i ? 0 : 1; /* User online? */ if ($hesk_settings['online']) { if (isset($hesk_settings['users_online'][$myuser['id']])) { $myuser['name'] = ' ' . $myuser['name']; } else { $myuser['name'] = ' ' . $myuser['name']; } } /* To edit yourself go to "Profile" page, not here. */ if ($myuser['id'] == $_SESSION['id']) { $edit_code = ''; } elseif ($myuser['id'] == 1) { $edit_code = ' '; } else { $edit_code = ''; } if ($myuser['isadmin']) { $myuser['isadmin'] = '' . $hesklang['yes'] . ''; } else { $myuser['isadmin'] = '' . $hesklang['no'] . ''; } /* Deleting user with ID 1 (default administrator) is not allowed. Also don't allow the logged in user to be deleted or inactivated */ if ($myuser['id'] == 1 || $myuser['id'] == $_SESSION['id']) { $remove_code = ' '; } else { $remove_code = ' '; } /* Is auto assign enabled? */ if ($hesk_settings['autoassign']) { if ($myuser['autoassign']) { $autoassign_code = ''; } else { $autoassign_code = ''; } } else { $autoassign_code = ''; } $activeMarkup = ''; if ($myuser['id'] != $_SESSION['id'] && $myuser['id'] != 1) { /* Is the user active? */ if ($myuser['active']) { $activeMarkup = ''; } else { $activeMarkup = ''; } } $templateName = $hesklang['custom']; if ($myuser['permission_template'] != -1) { $result = hesk_dbQuery("SELECT `name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "permission_templates` WHERE `id` = " . 
intval($myuser['permission_template'])); $row = hesk_dbFetchAssoc($result); $templateName = $row['name']; } echo << EOC; if ($hesk_settings['rating']) { $alt = $myuser['rating'] ? sprintf($hesklang['rated'], sprintf("%01.1f", $myuser['rating']), ($myuser['ratingneg'] + $myuser['ratingpos'])) : $hesklang['not_rated']; echo ''; } echo <<$autoassign_code $edit_code $remove_code $activeMarkup EOC; } // End while ?>
  
$myuser[name] $myuser[email] $myuser[user] $templateName' . $alt . ' 
' . $hesklang['online'] . '     ' . $hesklang['offline']; } ?>

*
0) {
            // NOTE(review): the enclosing function starts outside the visible part of this file;
            // the comments added to this fragment describe only the statements shown here.
            // NOTE(review): $revokeCats is built outside this view and is placed inside IN (...)
            // unquoted, so every element must already be an integer — confirm at its source.
            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `manager` = 0 WHERE `id` IN (" . implode(',', $revokeCats) . ")");
        }
    }

    // Writes the edited account back to the users table.
    // String columns go through hesk_dbEscape() and isadmin/active/autoassign/autorefresh/
    // permission_template/default_calendar_view/id through intval().
    // NOTE(review): the columns from `afterreply` through `notify_overdue_unassigned` are
    // interpolated with no cast or escaping. hesk_validateUserInfo() below reduces each of them
    // to an integer or 0/1; presumably $myuser comes from that function — confirm, and consider
    // intval() here as well so this query does not depend on the caller's normalisation.
    hesk_dbQuery(
        "UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `user`='" . hesk_dbEscape($myuser['user']) .
        "', `name`='" . hesk_dbEscape($myuser['name']) .
        "', `email`='" . hesk_dbEscape($myuser['email']) .
        "', `signature`='" . hesk_dbEscape($myuser['signature']) .
        "'," . (isset($myuser['pass']) ? "`pass`='" . hesk_dbEscape($myuser['pass']) . "'," : '') .
        " `categories`='" . hesk_dbEscape($myuser['categories']) .
        "', `isadmin`='" . intval($myuser['isadmin']) .
        "', `active`='" . intval($myuser['active']) .
        "', `autoassign`='" . intval($myuser['autoassign']) .
        "', `heskprivileges`='" . hesk_dbEscape($myuser['features']) .
        "', `afterreply`='" . ($myuser['afterreply']) .
        "' , `autostart`='" . ($myuser['autostart']) .
        "' , `notify_customer_new`='" . ($myuser['notify_customer_new']) .
        "' , `notify_customer_reply`='" . ($myuser['notify_customer_reply']) .
        "' , `show_suggested`='" . ($myuser['show_suggested']) .
        "' , `notify_new_unassigned`='" . ($myuser['notify_new_unassigned']) .
        "' , `notify_new_my`='" . ($myuser['notify_new_my']) .
        "' , `notify_reply_unassigned`='" . ($myuser['notify_reply_unassigned']) .
        "' , `notify_reply_my`='" . ($myuser['notify_reply_my']) .
        "' , `notify_assigned`='" . ($myuser['notify_assigned']) .
        "' , `notify_pm`='" . ($myuser['notify_pm']) .
        "', `notify_note`='" . ($myuser['notify_note']) .
        "', `notify_note_unassigned`='" . ($myuser['notify_note_unassigned']) .
        "', `notify_overdue_unassigned`='" . ($myuser['notify_overdue_unassigned']) .
        "', `autorefresh`=" . intval($myuser['autorefresh']) .
        ", `permission_template`=" . intval($myuser['template']) .
        ", `default_calendar_view`=" . intval($myuser['default_calendar_view']) .
        " WHERE `id`='" . intval($myuser['id']) .
        "' LIMIT 1");

    // If they are now inactive, remove any manager rights
    if (!$myuser['active']) {
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `manager` = 0 WHERE `manager` = " . intval($myuser['id']));
    }

    // Dropping the stored form data also removes the 'cleanpass' entry that
    // hesk_validateUserInfo() places in $_SESSION['userdata'].
    unset($_SESSION['save_userdata']);
    unset($_SESSION['userdata']);

    // NOTE(review): $_SERVER['PHP_SELF'] is taken from the request path, while the other handlers
    // in this file pass the fixed './manage_users.php'; confirm how hesk_process_messages() uses
    // this value before relying on it as a redirect target.
    hesk_process_messages($hesklang['user_profile_updated_success'], $_SERVER['PHP_SELF'], 'SUCCESS');
} // End update_profile()


/**
 * Collects a staff-account record from the submitted form ($_POST) and validates it.
 *
 * Validation messages are accumulated in $hesk_error_buffer. The collected record is copied
 * to $_SESSION['userdata'] before the error check, and on any error
 * hesk_process_messages() is called with $redirect_to.
 *
 * NOTE(review): the code after the hesk_process_messages() call only makes sense if that call
 * ends the request; its definition is not in this part of the file — confirm.
 *
 * @param int    $pass_required Non-zero when a password must be supplied; otherwise the
 *                              password is only checked when 'newpass' is non-empty.
 * @param string $redirect_to   Target handed to hesk_process_messages() when validation fails.
 *
 * @return array The collected record ($myuser), including 'pass' (hash) and 'cleanpass'
 *               (cleartext) when a new password was accepted.
 */
function hesk_validateUserInfo($pass_required = 1, $redirect_to = './manage_users.php')
{
    global $hesk_settings, $hesklang;

    $hesk_error_buffer = '';

    // Each "X or $buffer .= ..." line appends a message when the helper returns a falsy value.
    $myuser['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer .= '
  • ' . $hesklang['enter_real_name'] . '
  • ';
    $myuser['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer .= '
  • ' . $hesklang['enter_valid_email'] . '
  • ';
    $myuser['user'] = hesk_input(hesk_POST('user')) or $hesk_error_buffer .= '
  • ' . $hesklang['enter_username'] . '
  • ';

    // NOTE(review): administrator status is derived from the submitted 'template' value, not from
    // $_POST['isadmin']. The page-level guard for non-admin operators earlier in this file only
    // unsets $_POST['isadmin'], so it does not constrain this assignment. Confirm that the callers
    // reject template '1' when $_SESSION['isadmin'] is not set.
    // The comparison is loose, so other numeric spellings of 1 (e.g. '01') also match.
    $myuser['isadmin'] = hesk_POST('template') == '1' ? 1 : 0;
    // Stored as submitted; the UPDATE shown above casts it with intval() before use.
    $myuser['template'] = hesk_POST('template');
    $myuser['signature'] = hesk_input(hesk_POST('signature'));
    $myuser['autoassign'] = hesk_POST('autoassign') == 'Y' ? 1 : 0;
    $myuser['active'] = empty($_POST['active']) ? 0 : 1;
    $myuser['can_change_notification_settings'] = empty($_POST['can_change_notification_settings']) ? 0 : 1;

    /* If it's not admin at least one category and feature is required */
    $myuser['categories'] = array();
    $myuser['features'] = array();

    if ($myuser['isadmin'] == 0) {
        if (empty($_POST['categories']) || !is_array($_POST['categories'])) {
            $hesk_error_buffer .= '
  • ' . $hesklang['asign_one_cat'] . '
  • ';
        } else {
            // Nested arrays are skipped; every other entry is cast to int and kept when non-zero.
            // NOTE(review): the IDs are not compared with $hesk_settings['categories'] here, so
            // this function does not limit an operator to categories they can access — confirm
            // where that is enforced.
            foreach ($_POST['categories'] as $tmp) {
                if (is_array($tmp)) {
                    continue;
                }
                if ($tmp = intval($tmp)) {
                    $myuser['categories'][] = $tmp;
                }
            }
        }

        if (empty($_POST['features']) || !is_array($_POST['features'])) {
            $hesk_error_buffer .= '
  • ' . $hesklang['asign_one_feat'] . '
  • ';
        } else {
            // Allow-list: only names present in $hesk_settings['features'] are kept. For non-admin
            // operators that list is narrowed to their own privileges earlier in this file.
            // in_array() is called without the strict flag.
            foreach ($_POST['features'] as $tmp) {
                if (in_array($tmp, $hesk_settings['features'])) {
                    $myuser['features'][] = $tmp;
                }
            }
        }
    }

    // strlen() counts bytes, so the 1000 limit is a byte limit.
    if (strlen($myuser['signature']) > 1000) {
        $hesk_error_buffer .= '
  • ' . $hesklang['signature_long'] . '
  • ';
    }

    /* Password */
    $myuser['cleanpass'] = '';

    // NOTE(review): the password passes through hesk_input() before it is measured and hashed;
    // what that helper changes is not visible here, so the length check applies to its output.
    $newpass = hesk_input(hesk_POST('newpass'));
    $passlen = strlen($newpass);

    if ($pass_required || $passlen > 0) {
        /* At least 5 chars? */
        // A 5-byte minimum is the only strength rule applied in this function.
        if ($passlen < 5) {
            $hesk_error_buffer .= '
  • ' . $hesklang['password_not_valid'] . '
  • ';
        } /* Check password confirmation */
        else {
            $newpass2 = hesk_input(hesk_POST('newpass2'));

            // Loose comparison: two different numeric strings with the same numeric value are
            // treated as matching. The value that gets hashed is $newpass.
            if ($newpass != $newpass2) {
                $hesk_error_buffer .= '
  • ' . $hesklang['passwords_not_same'] . '
  • ';
            } else {
                // NOTE(review): hesk_Pass2Hash() is defined elsewhere; verify it is a salted,
                // slow password hash.
                $myuser['pass'] = hesk_Pass2Hash($newpass);
                // The cleartext password stays in the record and is copied into the session below.
                $myuser['cleanpass'] = $newpass;
            }
        }
    }

    /* After reply */
    // Only 1 and 2 are accepted; anything else becomes 0.
    $myuser['afterreply'] = intval(hesk_POST('afterreply'));
    if ($myuser['afterreply'] != 1 && $myuser['afterreply'] != 2) {
        $myuser['afterreply'] = 0;
    }

    $myuser['autorefresh'] = intval(hesk_POST('autorefresh'));

    // Defaults
    // The flags below are reduced to 0/1. The UPDATE shown above interpolates several of them
    // without a cast, so this normalisation is what keeps those values numeric.
    $myuser['autostart'] = isset($_POST['autostart']) ? 1 : 0;
    $myuser['notify_customer_new'] = isset($_POST['notify_customer_new']) ? 1 : 0;
    $myuser['notify_customer_reply'] = isset($_POST['notify_customer_reply']) ? 1 : 0;
    $myuser['show_suggested'] = isset($_POST['show_suggested']) ? 1 : 0;
    // Not cast or range-checked here; the UPDATE shown above applies intval().
    $myuser['default_calendar_view'] = hesk_POST('default-calendar-view', 0);

    /* Notifications */
    $myuser['notify_new_unassigned'] = empty($_POST['notify_new_unassigned']) ? 0 : 1;
    $myuser['notify_new_my'] = empty($_POST['notify_new_my']) ? 0 : 1;
    $myuser['notify_reply_unassigned'] = empty($_POST['notify_reply_unassigned']) ? 0 : 1;
    $myuser['notify_reply_my'] = empty($_POST['notify_reply_my']) ? 0 : 1;
    $myuser['notify_assigned'] = empty($_POST['notify_assigned']) ? 0 : 1;
    $myuser['notify_note'] = empty($_POST['notify_note']) ? 0 : 1;
    $myuser['notify_pm'] = empty($_POST['notify_pm']) ? 0 : 1;
    $myuser['notify_note_unassigned'] = empty($_POST['notify_note_unassigned']) ? 0 : 1;
    $myuser['notify_overdue_unassigned'] = empty($_POST['notify_overdue_unassigned']) ? 0 : 1;

    /* Save entered info in session so we don't lose it in case of errors */
    // NOTE(review): this copy includes 'cleanpass' and 'pass'. When another field fails validation
    // the cleartext password remains in the session data until $_SESSION['userdata'] is reset.
    $_SESSION['userdata'] = $myuser;

    /* Any errors */
    if (strlen($hesk_error_buffer)) {
        if ($myuser['isadmin']) {
            // Preserve default staff data for the form
            global $default_userdata;
            $_SESSION['userdata']['features'] = $default_userdata['features'];
            $_SESSION['userdata']['categories'] = $default_userdata['categories'];
        }

        // NOTE(review): as written this assignment replaces the accumulated messages with
        // $hesklang['rfm'] followed by a whitespace-only literal; the literal looks like it lost
        // content when this listing was produced — check against the upstream file.
        $hesk_error_buffer = $hesklang['rfm'] . '

    ';
        hesk_process_messages($hesk_error_buffer, $redirect_to);
    }

    // "can_unban_emails" feature also enables "can_ban_emails"
    // NOTE(review): 'can_ban_emails' is appended after the allow-list filter above and is not
    // checked against $hesk_settings['features'] again.
    if (in_array('can_unban_emails', $myuser['features']) && !in_array('can_ban_emails', $myuser['features'])) {
        $myuser['features'][] = 'can_ban_emails';
    }

    return $myuser;
} // End hesk_validateUserInfo()


/**
 * Deletes the staff account named by the 'id' request parameter.
 *
 * Order of operations: anti-CSRF token check, refuse user ID 1 and the logged-in account,
 * clear the account's category-manager assignments, un-assign its tickets, delete the row.
 *
 * NOTE(review): the two refusals rely on hesk_process_messages() ending the request; if it
 * returned, the statements after them would still run — confirm.
 * NOTE(review): nothing here stops an operator without $_SESSION['isadmin'] from removing an
 * administrator account; confirm where that is enforced.
 */
function remove()
{
    global $hesk_settings, $hesklang;

    /* A security check */
    // The state change is driven by a query-string parameter; the token check is the CSRF defence.
    hesk_token_check();

    // intval() yields 0 for a missing or non-numeric id, which triggers hesk_error().
    $myuser = intval(hesk_GET('id')) or hesk_error($hesklang['no_valid_id']);

    /* You can't delete the default user */
    if ($myuser == 1) {
        hesk_process_messages($hesklang['cant_del_admin'], './manage_users.php');
    }

    /* You can't delete your own account (the one you are logged in) */
    if ($myuser == $_SESSION['id']) {
        hesk_process_messages($hesklang['cant_del_own'], './manage_users.php');
    }

    // Revoke manager rights
    // This update and the next one run before the DELETE confirms that the account exists.
    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `manager` = 0 WHERE `manager` = " . intval($myuser));

    /* Un-assign all tickets for this user */
    $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`=0 WHERE `owner`='" . intval($myuser) . "'");

    /* Delete user info */
    $res = hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id`='" . intval($myuser) . "'");
    if (hesk_dbAffectedRows() != 1) {
        hesk_process_messages($hesklang['int_error'] . ': ' . $hesklang['user_not_found'], './manage_users.php');
    }

    hesk_process_messages($hesklang['sel_user_removed'], './manage_users.php', 'SUCCESS');
} // End remove()


/**
 * Switches auto-assign on or off for the account named by the 'id' request parameter.
 *
 * A non-zero integer in the 's' parameter switches it on; anything else switches it off.
 * The id is stored in $_SESSION['seluser'], which the list view reads to highlight the row.
 */
function toggle_autoassign()
{
    global $hesk_settings, $hesklang;

    /* A security check */
    hesk_token_check();

    $myuser = intval(hesk_GET('id')) or hesk_error($hesklang['no_valid_id']);
    $_SESSION['seluser'] = $myuser;

    if (intval(hesk_GET('s'))) {
        $autoassign = 1;
        $tmp = $hesklang['uaaon'];
    } else {
        $autoassign = 0;
        $tmp = $hesklang['uaaoff'];
    }

    /* Update auto-assign settings */
    // $autoassign is the literal 0 or 1 chosen above, so the interpolation carries no request data.
    $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `autoassign`='{$autoassign}' WHERE `id`='" . intval($myuser) . "'");

    if (hesk_dbAffectedRows() != 1) {
        hesk_process_messages($hesklang['int_error'] . ': ' . $hesklang['user_not_found'], './manage_users.php');
    }

    hesk_process_messages($tmp, './manage_users.php', 'SUCCESS');
} // End toggle_autoassign()


/**
 * Activates or deactivates the account named by the 'id' request parameter.
 *
 * A non-zero integer in the 's' parameter activates the account. Otherwise the account is
 * deactivated, its category-manager assignments are cleared, and auto-assign plus all
 * notification flags are set to 0 in the same UPDATE.
 *
 * NOTE(review): only the logged-in account is refused here. The list view earlier in this file
 * omits the activate/deactivate control for user ID 1, but this handler has no matching
 * server-side check — add one if the default administrator must always stay active.
 * NOTE(review): nothing here stops an operator without $_SESSION['isadmin'] from deactivating an
 * administrator account; confirm where that is enforced.
 */
function toggle_active()
{
    global $hesk_settings, $hesklang;

    /* Security check */
    hesk_token_check();

    $myuser = intval(hesk_GET('id')) or hesk_error($hesklang['no_valid_id']);
    $_SESSION['seluser'] = $myuser;

    if (intval($myuser) == $_SESSION['id']) {
        //-- You can't deactivate yourself!
        hesk_process_messages($hesklang['self_deactivation'], './manage_users.php');
    }

    if (intval(hesk_GET('s'))) {
        $active = 1;
        $tmp = $hesklang['user_activated'];
        $notificationSql = "";
    } else {
        $active = 0;
        $tmp = $hesklang['user_deactivated'];

        // Revoke any manager rights
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `manager` = 0 WHERE `manager` = " . intval($myuser));

        // Constant SQL fragment: no request data is interpolated into it.
        $notificationSql = ", `autoassign` = '0', `notify_new_unassigned` = '0', `notify_new_my` = '0', `notify_reply_unassigned` = '0', `notify_reply_my` = '0', `notify_assigned` = '0', `notify_pm` = '0', `notify_note` = '0', `notify_note_unassigned` = '0', `notify_overdue_unassigned` = '0'";
    }

    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `active` = '" . $active . "'" . $notificationSql . " WHERE `id` = '" . intval($myuser) . "'");

    if (hesk_dbAffectedRows() != 1) {
        hesk_process_messages($hesklang['int_error'] . ': ' . $hesklang['user_not_found'], './manage_users.php');
    }

    hesk_process_messages($tmp, './manage_users.php', 'SUCCESS');
}

?>