Bootswatch, Summernote, and Captcheck mods for Mods for HESK (mods-for-hesk.com). In use at support.netsyms.com.


  1. <?php
  2. /**
  3. *
  4. * This file is part of HESK - PHP Help Desk Software.
  5. *
  6. * (c) Copyright Klemen Stirn. All rights reserved.
  7. * https://www.hesk.com
  8. *
  9. * For the full copyright and license agreement information visit
  10. * https://www.hesk.com/eula.php
  11. *
  12. */
/*
 * Staff management page: create, edit, remove, and toggle helpdesk users.
 * The page is a single request handler: the dispatcher further down reads the
 * `a` request parameter and calls one of the functions defined at the bottom
 * of the file; every action either redirects or prints a page and exits.
 */
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
define('VALIDATOR', 1);
define('PAGE_TITLE', 'ADMIN_USERS');
define('MFH_PAGE_LAYOUT', 'TOP_ONLY');

/* Get all the required files and functions */
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/profile_functions.inc.php');
require(HESK_PATH . 'inc/mail_functions.inc.php');

hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();

/* Check permissions for this feature */
hesk_checkPermission('can_man_users');

/* Possible user features */
$hesk_settings['features'] = hesk_getFeatureArray();

$modsForHesk_settings = mfh_getSettings();

/* Map the configured calendar view name onto the numeric value stored per user */
$calendar_view_array = array(
    'month' => 0,
    'agendaWeek' => 1,
    'agendaDay' => 2,
);
// NOTE(review): a view name outside the three keys above yields an
// undefined-index notice and a null default — confirm mfh_getSettings()
// only returns one of them.
$default_view = $calendar_view_array[$modsForHesk_settings['default_calendar_view']];

/* Permission template id 2 supplies the default categories/features of a new user */
$staff_permission_template_rs = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "permission_templates` WHERE `id` = 2");
$staff_permission_template = hesk_dbFetchAssoc($staff_permission_template_rs);

/* Set default values */
// These seed $_SESSION['userdata'] for the "add user" form and are used to
// reset it after an edit; the keys mirror the columns written by new_user().
$default_userdata = array(
    // Profile info
    'name' => '',
    'email' => '',
    'cleanpass' => '',
    'user' => '',
    'autoassign' => 'Y',

    // Signature
    'signature' => '',

    // Permissions
    'isadmin' => 1,
    'active' => 1,
    'categories' => explode(',', $staff_permission_template['categories']),
    'features' => explode(',', $staff_permission_template['heskprivileges']),

    // Preferences
    'afterreply' => 0,

    // Permission template (same id as the row loaded above)
    'permission_template' => 2,

    // Defaults
    'autostart' => 1,
    'notify_customer_new' => 1,
    'notify_customer_reply' => 1,
    'show_suggested' => 1,
    'autoreload' => 0,
    'default_calendar_view' => $default_view,

    // Notifications
    'notify_new_unassigned' => 1,
    'notify_new_my' => 1,
    'notify_reply_unassigned' => 1,
    'notify_reply_my' => 1,
    'notify_assigned' => 1,
    'notify_note' => 1,
    'notify_pm' => 1,
    'notify_note_unassigned' => 1,
    'notify_overdue_unassigned' => 0,
);
  78. /* A list of all categories */
  79. $orderBy = $modsForHesk_settings['category_order_column'];
  80. $hesk_settings['categories'] = array();
  81. $res = hesk_dbQuery('SELECT `id`,`name` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'categories` ORDER BY `' . $orderBy . '` ASC');
  82. while ($row = hesk_dbFetchAssoc($res)) {
  83. if (hesk_checkPermission('can_man_cat', 0) || hesk_okCategory($row['id'], 0)) {
  84. $hesk_settings['categories'][$row['id']] = $row['name'];
  85. }
  86. }
/* Non-admin users may not create users with more permissions than they have */
if (!$_SESSION['isadmin']) {
    /* Can't create admin users */
    // NOTE(review): the visible part of hesk_validateUserInfo() derives
    // `isadmin` from the submitted `template` field rather than from
    // $_POST['isadmin'], so confirm this unset is still what stops a
    // non-admin from creating an administrator.
    if (isset($_POST['isadmin'])) {
        unset($_POST['isadmin']);
    }

    /* Can only add features he/she has access to */
    $hesk_settings['features'] = array_intersect(explode(',', $_SESSION['heskprivileges']), $hesk_settings['features']);

    /* Can user modify auto-assign setting? */
    if ($hesk_settings['autoassign'] && (!hesk_checkPermission('can_assign_self', 0) || !hesk_checkPermission('can_assign_others', 0))) {
        $hesk_settings['autoassign'] = 0;
    }
}

/* Use any set values, default otherwise */
// Submitted form values survive a failed validation in $_SESSION['userdata'];
// anything missing is filled from the defaults so the form always renders.
foreach ($default_userdata as $k => $v) {
    if (!isset($_SESSION['userdata'][$k])) {
        $_SESSION['userdata'][$k] = $v;
    }
}
$_SESSION['userdata'] = hesk_stripArray($_SESSION['userdata']);

/* What should we do? */
// The assignment inside the condition is intentional: hesk_REQUEST() yields a
// falsy value when no action was requested, which selects the list page below.
if ($action = hesk_REQUEST('a')) {
    if ($action == 'reset_form') {
        // No exit() after header(): nothing below the dispatcher produces output.
        $_SESSION['edit_userdata'] = TRUE;
        header('Location: ./manage_users.php');
    } elseif ($action == 'edit') {
        edit_user();
    } elseif (defined('HESK_DEMO')) {
        /* Demo installs may view and open the edit form, but every change is refused */
        hesk_process_messages($hesklang['ddemo'], 'manage_users.php', 'NOTICE');
    } elseif ($action == 'new') {
        new_user();
    } elseif ($action == 'save') {
        update_user();
    } elseif ($action == 'remove') {
        // remove(), toggle_autoassign() and toggle_active() are defined beyond the visible part of this file
        remove();
    } elseif ($action == 'autoassign') {
        toggle_autoassign();
    } elseif ($action == 'active') {
        toggle_active();
    } else {
        hesk_error($hesklang['invalid_action']);
    }
} else {
    /* If one came from the Edit page make sure we reset user values */
    if (isset($_SESSION['save_userdata'])) {
        $_SESSION['userdata'] = $default_userdata;
        unset($_SESSION['save_userdata']);
    }

    if (isset($_SESSION['edit_userdata'])) {
        $_SESSION['userdata'] = $default_userdata;
        unset($_SESSION['edit_userdata']);
    }

    /* Print header */
    require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
    require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
    ?>
<div class="content-wrapper">
<section class="content">
<?php
    hesk_handle_messages();

    // If POP3 fetching is active, no user should have the same email address
    // Only users the current session may manage are reported; the address is
    // escaped as a string literal, so `%`/`_` in it act as LIKE wildcards unless
    // hesk_dbEscape() escapes those as well.
    if ($hesk_settings['pop3'] && hesk_validateEmail($hesk_settings['pop3_user'], 'ERR', 0)) {
        $res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `email` LIKE '".hesk_dbEscape($hesk_settings['pop3_user'])."'");
        if (hesk_dbNumRows($res) > 0) {
            while ($myuser = hesk_dbFetchAssoc($res)) {
                if (compare_user_permissions($myuser['id'], $myuser['isadmin'], explode(',', $myuser['categories']) , explode(',', $myuser['heskprivileges']))) {
                    hesk_show_notice(sprintf($hesklang['pop3_warning'], $myuser['name'], $hesk_settings['pop3_user']) . "<br /><br />" . $hesklang['fetch_warning'], $hesklang['warn']);
                    break;
                }
            }
        }
    }

    // If IMAP fetching is active, no user should have the same email address
    // (same logic as the POP3 check above)
    if ($hesk_settings['imap'] && hesk_validateEmail($hesk_settings['imap_user'], 'ERR', 0)) {
        $res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `email` LIKE '".hesk_dbEscape($hesk_settings['imap_user'])."'");
        if (hesk_dbNumRows($res) > 0) {
            while ($myuser = hesk_dbFetchAssoc($res)) {
                if (compare_user_permissions($myuser['id'], $myuser['isadmin'], explode(',', $myuser['categories']) , explode(',', $myuser['heskprivileges']))) {
                    hesk_show_notice(sprintf($hesklang['imap_warning'], $myuser['name'], $hesk_settings['imap_user']) . "<br /><br />" . $hesklang['fetch_warning'], $hesklang['warn']);
                    break;
                }
            }
        }
    }
    ?>
<script language="Javascript" type="text/javascript"><!--
function confirm_delete() {
if (confirm('<?php echo addslashes($hesklang['sure_remove_user']); ?>')) {
return true;
}
else {
return false;
}
}
//-->
</script>
<div class="box collapsed-box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['add_user']; ?>
<a href="javascript:void(0)" onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['users_intro']); ?>')">
<i class="fa fa-question-circle settingsquestionmark"></i>
</a>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-plus"></i>
</button>
</div>
</div>
<div class="box-body">
<?php echo $hesklang['req_marked_with']; ?> <span class="red">*</span>
<form data-toggle="validator" name="form1" method="post" action="manage_users.php" class="form-horizontal" role="form">
<?php hesk_profile_tab('userdata', false, 'create_user'); ?>
</form>
</div>
</div>
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['manage_users']; ?>
<a href="javascript:void(0)" onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['users_intro']); ?>')">
<i class="fa fa-question-circle settingsquestionmark"></i>
</a>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
<i class="fa fa-minus"></i>
</button>
</div>
</div>
<div class="box-body">
<table class="table table-hover">
<tr>
<th><b><i><?php echo $hesklang['name']; ?></i></b></th>
<th><b><i><?php echo $hesklang['email']; ?></i></b></th>
<th><b><i><?php echo $hesklang['username']; ?></i></b></th>
<th><b><i><?php echo $hesklang['permission_group']; ?></i></b></th>
<?php
    /* Is user rating enabled? */
    if ($hesk_settings['rating']) {
    ?>
<th><b><i><?php echo $hesklang['rating']; ?></i></b></th>
<?php
    }
    ?>
<th><b><i>&nbsp;<?php echo $hesklang['opt']; ?>&nbsp;</i></b></th>
</tr>
<!-- I can't get this block to tab over without breaking, so it will be awkwardly sticking out for now :( -->
<?php
    $res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'users` ORDER BY `name` ASC');

    $i = 1;
    // Users the current session may not manage are skipped; they are collected
    // here but not referenced further in this section.
    $cannot_manage = array();
    while ($myuser = hesk_dbFetchAssoc($res)) {
        if (!compare_user_permissions($myuser['id'], $myuser['isadmin'], explode(',', $myuser['categories']), explode(',', $myuser['heskprivileges']))) {
            $cannot_manage[$myuser['id']] = array('name' => $myuser['name'], 'user' => $myuser['user'], 'email' => $myuser['email']);
            continue;
        }

        /* Highlight the user that was just created (set by new_user()); the flag is consumed here */
        if (isset($_SESSION['seluser']) && $myuser['id'] == $_SESSION['seluser']) {
            $color = 'admin_green';
            unset($_SESSION['seluser']);
        } else {
            $color = $i ? 'admin_white' : 'admin_gray';
        }

        // $color and $style are no longer referenced by the markup below
        // (left over from the pre-Bootstrap table); $i still alternates per row.
        $tmp = $i ? 'White' : 'Blue';
        $style = 'class="option' . $tmp . 'OFF" onmouseover="this.className=\'option' . $tmp . 'ON\'" onmouseout="this.className=\'option' . $tmp . 'OFF\'"';
        $i = $i ? 0 : 1;

        /* User online? */
        if ($hesk_settings['online']) {
            if (isset($hesk_settings['users_online'][$myuser['id']])) {
                $myuser['name'] = '<i class="fa fa-fw fa-circle green" data-toggle="tooltip" data-placement="top" title="' . $hesklang['online'] . '"></i> ' . $myuser['name'];
            } else {
                $myuser['name'] = '<i class="fa fa-fw fa-circle gray" data-toggle="tooltip" data-placement="top" title="' . $hesklang['offline'] . '"></i> ' . $myuser['name'];
            }
        }

        /* To edit yourself go to "Profile" page, not here. */
        /* The built-in administrator (id 1) gets a blank placeholder instead of an edit link */
        if ($myuser['id'] == $_SESSION['id']) {
            $edit_code = '<a name="Edit '.$myuser['user'].'" href="profile.php"><i class="fa fa-fw fa-pencil icon-link orange" data-toggle="tooltip" data-placement="top" title="' . $hesklang['edit'] . '"></i></a>';
        } elseif ($myuser['id'] == 1) {
            $edit_code = ' <img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" />';
        } else {
            $edit_code = '<a name="Edit '.$myuser['user'].'" href="manage_users.php?a=edit&amp;id=' . $myuser['id'] . '"><i class="fa fa-fw fa-pencil icon-link orange" data-toggle="tooltip" data-placement="top" title="' . $hesklang['edit'] . '"></i></a>';
        }

        // Overwritten with markup but not used by the row output below; the
        // permission-template column replaced the old "is admin" column.
        if ($myuser['isadmin']) {
            $myuser['isadmin'] = '<font class="open">' . $hesklang['yes'] . '</font>';
        } else {
            $myuser['isadmin'] = '<font class="resolved">' . $hesklang['no'] . '</font>';
        }

        /* Deleting user with ID 1 (default administrator) is not allowed. Also don't allow the logged in user to be deleted or inactivated */
        // State-changing links carry the CSRF token from hesk_token_echo(0); the
        // action handlers (not shown here) are expected to verify it.
        if ($myuser['id'] == 1 || $myuser['id'] == $_SESSION['id']) {
            $remove_code = ' <img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" />';
        } else {
            $remove_code = ' <a name="Delete '.$myuser['user'].'" href="manage_users.php?a=remove&amp;id=' . $myuser['id'] . '&amp;token=' . hesk_token_echo(0) . '" onclick="return confirm_delete();"><i class="fa fa-fw fa-times icon-link red" data-toggle="tooltip" data-placement="top" title="' . $hesklang['delete'] . '"></i></a>';
        }

        /* Is auto assign enabled? */
        if ($hesk_settings['autoassign']) {
            if ($myuser['autoassign']) {
                $autoassign_code = '<a name="Unassign '.$myuser['user'].'" href="manage_users.php?a=autoassign&amp;s=0&amp;id=' . $myuser['id'] . '&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-fw fa-bolt icon-link orange" data-toggle="tooltip" data-placement="top" title="' . $hesklang['aaon'] . '"></i></a>';
            } else {
                $autoassign_code = '<a name="Assign '.$myuser['user'].'" href="manage_users.php?a=autoassign&amp;s=1&amp;id=' . $myuser['id'] . '&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-fw fa-bolt icon-link gray" data-toggle="tooltip" data-placement="top" title="' . $hesklang['aaoff'] . '"></i></a>';
            }
        } else {
            $autoassign_code = '';
        }

        /* Enable/disable toggle; never offered for the current user or the built-in administrator */
        $activeMarkup = '';
        if ($myuser['id'] != $_SESSION['id'] && $myuser['id'] != 1) {
            /* Is the user active? */
            if ($myuser['active']) {
                $activeMarkup = '<a href="manage_users.php?a=active&amp;s=0&amp;id=' . $myuser['id'] . '&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-fw fa-user icon-link green" data-toggle="tooltip" data-placement="top" title="' . $hesklang['disable_user'] . '"></i></a>';
            } else {
                $activeMarkup = '<a href="manage_users.php?a=active&amp;s=1&amp;id=' . $myuser['id'] . '&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-fw fa-user icon-link gray" data-toggle="tooltip" data-placement="top" title="' . $hesklang['enable_user'] . '"></i></a>';
            }
        }

        /* -1 marks a custom (non-template) permission set; otherwise one extra query per row resolves the template name */
        $templateName = $hesklang['custom'];
        if ($myuser['permission_template'] != -1) {
            $result = hesk_dbQuery("SELECT `name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "permission_templates` WHERE `id` = " . intval($myuser['permission_template']));
            $row = hesk_dbFetchAssoc($result);
            $templateName = $row['name'];
        }

        echo <<<EOC
<tr>
<td>$myuser[name]</td>
<td><a href="mailto:$myuser[email]">$myuser[email]</a></td>
<td>$myuser[user]</td>
<td>$templateName</td>
EOC;
        if ($hesk_settings['rating']) {
            $alt = $myuser['rating'] ? sprintf($hesklang['rated'], sprintf("%01.1f", $myuser['rating']), ($myuser['ratingneg'] + $myuser['ratingpos'])) : $hesklang['not_rated'];
            echo '<td><span data-toggle="tooltip" title="' . $alt . '">'.mfh_get_stars(hesk_round_to_half($myuser['rating'])).'</span></td>';
        }
        echo <<<EOC
<td>$autoassign_code $edit_code $remove_code $activeMarkup</td>
</tr>
EOC;
    } // End while
    ?>
</table>
<?php if ($hesk_settings['online']) {
    echo '&nbsp;&nbsp;&nbsp;<i class="fa fa-fw fa-circle green"></i> ' . $hesklang['online'] . ' &nbsp;&nbsp;&nbsp; <i class="fa fa-fw fa-circle gray"></i> ' . $hesklang['offline'];
} ?>
</div>
</div>
<script language="Javascript" type="text/javascript"><!--
hesk_checkPassword(document.form1.newpass.value);
//-->
</script>
</section>
</div>
<?php
    require_once(HESK_PATH . 'inc/footer.inc.php');
    exit();
} // End else
  339. /*** START FUNCTIONS ***/
  340. function compare_user_permissions($compare_id, $compare_isadmin, $compare_categories, $compare_features)
  341. {
  342. global $hesk_settings;
  343. /* Comparing myself? */
  344. if ($compare_id == $_SESSION['id']) {
  345. return true;
  346. }
  347. /* Admins have full access, no need to compare */
  348. if ($_SESSION['isadmin']) {
  349. return true;
  350. } elseif ($compare_isadmin) {
  351. return false;
  352. }
  353. // Users who can edit categories can see all of them
  354. if (hesk_checkPermission('can_man_cat', 0)) {
  355. return true;
  356. }
  357. /* Compare categories */
  358. foreach ($compare_categories as $catid) {
  359. if (!array_key_exists($catid, $hesk_settings['categories'])) {
  360. return false;
  361. }
  362. }
  363. /* Compare features */
  364. foreach ($compare_features as $feature) {
  365. if (!in_array($feature, $hesk_settings['features'])) {
  366. return false;
  367. }
  368. }
  369. return true;
  370. } // END compare_user_permissions()
/**
 * Show the edit form for an existing user (action "edit").
 *
 * Reads the target user id from the query string, refuses to edit the
 * current user (sent to profile.php instead) and the built-in administrator
 * (id 1), loads the user's row into $_SESSION['userdata'] unless the form is
 * being re-shown after a failed save, checks that the current session may
 * manage that user, and renders the page.
 *
 * hesk_error() and hesk_process_messages() are expected to redirect and end
 * the request; the code after each call assumes it did not return. Never
 * returns normally: ends with exit().
 */
function edit_user()
{
    global $hesk_settings, $hesklang, $default_userdata;

    $id = intval(hesk_GET('id')) or hesk_error("$hesklang[int_error]: $hesklang[no_valid_id]");

    /* To edit self, use the "Profile" page */
    if ($id == $_SESSION['id']) {
        hesk_process_messages($hesklang['eyou'], 'profile.php', 'NOTICE');
    }

    /* The built-in administrator cannot be edited from this page */
    if ($id == 1) {
        hesk_process_messages($hesklang['cant_edit_admin'], './manage_users.php');
    }

    /* Tells the list page to reset the form values the next time it is shown */
    $_SESSION['edit_userdata'] = TRUE;

    /* After a failed save the submitted values are already in the session; otherwise load the stored row */
    if (!isset($_SESSION['save_userdata'])) {
        // `active` is already covered by `*`; the alias of heskprivileges as `features` is what the form expects
        $res = hesk_dbQuery("SELECT *,`heskprivileges` AS `features`, `active`
FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id`='" . intval($id) . "' LIMIT 1");
        $_SESSION['userdata'] = hesk_dbFetchAssoc($res);

        /* Store original username for display until changes are saved successfully */
        $_SESSION['original_user'] = $_SESSION['userdata']['user'];

        /* A few variables need special attention... */
        // Administrators are shown the default category/feature lists; for
        // everyone else the stored comma-separated strings are split into arrays.
        if ($_SESSION['userdata']['isadmin']) {
            $_SESSION['userdata']['features'] = $default_userdata['features'];
            $_SESSION['userdata']['categories'] = $default_userdata['categories'];
        } else {
            $_SESSION['userdata']['features'] = explode(',', $_SESSION['userdata']['features']);
            $_SESSION['userdata']['categories'] = explode(',', $_SESSION['userdata']['categories']);
        }

        /* The password field always starts empty */
        $_SESSION['userdata']['cleanpass'] = '';
    }

    /* Make sure we have permission to edit this user */
    // NOTE(review): on the re-show path (save_userdata set) the values compared
    // here come from the previously submitted form, not from the stored row.
    if (!compare_user_permissions($id, $_SESSION['userdata']['isadmin'], $_SESSION['userdata']['categories'], $_SESSION['userdata']['features'])) {
        hesk_process_messages($hesklang['npea'], 'manage_users.php');
    }

    /* Print header */
    require_once(HESK_PATH . 'inc/headerAdmin.inc.php');

    /* Print main manage users page */
    require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
    ?>
<div class="content-wrapper">
<ol class="breadcrumb">
<li><a href="manage_users.php"><?php echo $hesklang['manage_users']; ?></a></li>
<li class="active"><?php echo $hesklang['editing_user'] . ' ' . $_SESSION['original_user']; ?></li>
</ol>
<section class="content">
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['editing_user'] . ' <b>' . $_SESSION['original_user'] . '</b>'; ?>
</h1>
</div>
<div class="box-body">
<?php
    /* This will handle error, success and notice messages */
    hesk_handle_messages();
    ?>
<h6><?php echo $hesklang['req_marked_with']; ?> <span class="important">*</span></h6>
<form role="form" class="form-horizontal" name="form1" method="post" action="manage_users.php">
<?php hesk_profile_tab('userdata', false, 'edit_user'); ?>
</form>
<script language="Javascript" type="text/javascript"><!--
hesk_checkPassword(document.form1.newpass.value);
//-->
</script>
</div>
</div>
</section>
</div>
<?php
    require_once(HESK_PATH . 'inc/footer.inc.php');
    exit();
} // End edit_user()
/**
 * Create a new staff user from the submitted form (action "new").
 *
 * Validates the form through hesk_validateUserInfo() (password required),
 * rejects a username that already exists, inserts the user and redirects to
 * the list with the new user highlighted. hesk_process_messages() is expected
 * to redirect and end the request, so the code after each call assumes it did
 * not return. Never returns normally.
 *
 * NOTE(review): there is no compare_user_permissions() call on this path; the
 * creator's limits are applied earlier by narrowing $hesk_settings['features']
 * and presumably inside hesk_validateUserInfo(), whose category/feature
 * validation lies outside the visible part of this file — confirm.
 */
function new_user()
{
    global $hesk_settings, $hesklang;

    /* A security check */
    hesk_token_check('POST');

    // `pass`, `cleanpass` and `template` are filled in by hesk_validateUserInfo()
    // (presumably the hashed and the clear-text password; the relevant part of
    // the validator is not visible here).
    $myuser = hesk_validateUserInfo();

    /* Categories and Features will be stored as a string */
    $myuser['categories'] = implode(',', $myuser['categories']);
    $myuser['features'] = implode(',', $myuser['features']);

    /* Check for duplicate usernames */
    // Check-then-insert: a concurrent insert of the same username is only
    // caught if the table itself enforces uniqueness.
    $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user` = '" . hesk_dbEscape($myuser['user']) . "' LIMIT 1");
    if (hesk_dbNumRows($result) != 0) {
        hesk_process_messages($hesklang['duplicate_user'], 'manage_users.php');
    }

    /* Admins will have access to all features and categories */
    // An empty list is the stored representation of "all" for administrators
    if ($myuser['isadmin']) {
        $myuser['categories'] = '';
        $myuser['features'] = '';
    }

    // Column order below matches the VALUES order; string values go through
    // hesk_dbEscape(), flags/ids through intval() or are used as-is.
    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` (
`user`,
`pass`,
`isadmin`,
`name`,
`email`,
`signature`,
`categories`,
`autoassign`,
`heskprivileges`,
`afterreply`,
`autostart`,
`autoreload`,
`notify_customer_new`,
`notify_customer_reply`,
`show_suggested`,
`notify_new_unassigned`,
`notify_new_my`,
`notify_reply_unassigned`,
`notify_reply_my`,
`notify_assigned`,
`notify_pm`,
`notify_note`,
`notify_note_unassigned`,
`notify_overdue_unassigned`,
`permission_template`,
`default_calendar_view`) VALUES (
'" . hesk_dbEscape($myuser['user']) . "',
'" . hesk_dbEscape($myuser['pass']) . "',
'" . intval($myuser['isadmin']) . "',
'" . hesk_dbEscape($myuser['name']) . "',
'" . hesk_dbEscape($myuser['email']) . "',
'" . hesk_dbEscape($myuser['signature']) . "',
'" . hesk_dbEscape($myuser['categories']) . "',
'" . intval($myuser['autoassign']) . "',
'" . hesk_dbEscape($myuser['features']) . "',
'" . ($myuser['afterreply']) . "' ,
'" . ($myuser['autostart']) . "' ,
'" . ($myuser['autoreload']) . "' ,
'" . ($myuser['notify_customer_new']) . "' ,
'" . ($myuser['notify_customer_reply']) . "' ,
'" . ($myuser['show_suggested']) . "' ,
'" . ($myuser['notify_new_unassigned']) . "' ,
'" . ($myuser['notify_new_my']) . "' ,
'" . ($myuser['notify_reply_unassigned']) . "' ,
'" . ($myuser['notify_reply_my']) . "' ,
'" . ($myuser['notify_assigned']) . "' ,
'" . ($myuser['notify_pm']) . "',
'" . ($myuser['notify_note']) . "',
'" . ($myuser['notify_note_unassigned']) . "',
'" . ($myuser['notify_overdue_unassigned']) . "',
" . intval($myuser['template']) . ",
" . intval($myuser['default_calendar_view']) . ")");

    /* Highlight the new user in the list and drop the remembered form values */
    $_SESSION['seluser'] = hesk_dbInsertID();
    unset($_SESSION['userdata']);

    // The success notice echoes the clear-text password (cleanpass) back to the administrator
    hesk_process_messages(sprintf($hesklang['user_added_success'], $myuser['user'], $myuser['cleanpass']), './manage_users.php', 'SUCCESS');
} // End new_user()
  517. function update_user()
  518. {
  519. global $hesk_settings, $hesklang;
  520. /* A security check */
  521. hesk_token_check('POST');
  522. $_SESSION['save_userdata'] = TRUE;
  523. $tmp = intval(hesk_POST('userid')) or hesk_error("$hesklang[int_error]: $hesklang[no_valid_id]");
  524. /* To edit self fore using "Profile" page */
  525. if ($tmp == $_SESSION['id']) {
  526. hesk_process_messages($hesklang['eyou'], 'profile.php', 'NOTICE');
  527. }
  528. $_SERVER['PHP_SELF'] = './manage_users.php?a=edit&id=' . $tmp;
  529. $myuser = hesk_validateUserInfo(0, $_SERVER['PHP_SELF']);
  530. $myuser['id'] = $tmp;
  531. /* Only active users can be assigned tickets. Also turn off all notifications */
  532. if (!$myuser['active']) {
  533. $myuser['autoassign'] = 0;
  534. $myuser['notify_new_unassigned'] = 0;
  535. $myuser['notify_new_my'] = 0;
  536. $myuser['notify_reply_unassigned'] = 0;
  537. $myuser['notify_reply_my'] = 0;
  538. $myuser['notify_assigned'] = 0;
  539. $myuser['notify_pm'] = 0;
  540. $myuser['notify_note'] = 0;
  541. $myuser['notify_note_unassigned'] = 0;
  542. $myuser['notify_overdue_unassigned'] = 0;
  543. }
  544. /* Check for duplicate usernames */
  545. $res = hesk_dbQuery("SELECT `id`,`isadmin`,`categories`,`heskprivileges` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user` = '" . hesk_dbEscape($myuser['user']) . "' LIMIT 1");
  546. if (hesk_dbNumRows($res) == 1) {
  547. $tmp = hesk_dbFetchAssoc($res);
  548. /* Duplicate? */
  549. if ($tmp['id'] != $myuser['id']) {
  550. hesk_process_messages($hesklang['duplicate_user'], $_SERVER['PHP_SELF']);
  551. }
  552. /* Do we have permission to edit this user? */
  553. if (!compare_user_permissions($tmp['id'], $tmp['isadmin'], explode(',', $tmp['categories']), explode(',', $tmp['heskprivileges']))) {
  554. hesk_process_messages($hesklang['npea'], 'manage_users.php');
  555. }
  556. }
  557. /* Admins will have access to all features and categories */
  558. if ($myuser['isadmin']) {
  559. $myuser['categories'] = '';
  560. $myuser['features'] = '';
  561. } /* Not admin */
  562. else {
  563. /* Categories and Features will be stored as a string */
  564. $myuser['categories'] = implode(',', $myuser['categories']);
  565. $myuser['features'] = implode(',', $myuser['features']);
  566. /* Unassign tickets from categories that the user had access before but doesn't anymore */
  567. hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`=0 WHERE `owner`='" . intval($myuser['id']) . "' AND `category` NOT IN (" . $myuser['categories'] . ")");
  568. }
  569. // Find the list of categories they are manager of. If they no longer have access to the category, revoke their manager permission.
  570. if ($myuser['isadmin']) {
  571. // Admins can't be managers
  572. hesk_dbQuery('UPDATE `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'categories` SET `manager` = 0 WHERE `manager` = ' . intval($myuser['id']));
  573. } else {
  574. $currentCatRs = hesk_dbQuery("SELECT `categories` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id` = '" . intval($myuser['id']) . "' LIMIT 1");
  575. $rowOfCategories = hesk_dbFetchAssoc($currentCatRs);
  576. $cats = $rowOfCategories['categories'];
  577. $currentCategories = explode(',', $cats);
  578. $newCategories = explode(',', $myuser['categories']);
  579. // If any any elements are in current but not in new, add them to the revoke array
  580. $revokeCats = array();
  581. foreach ($currentCategories as $currentCategory) {
  582. if (!in_array($currentCategory, $newCategories) && $currentCategory != '') {
  583. array_push($revokeCats, $currentCategory);
  584. }
  585. }
  586. if (count($revokeCats) > 0) {
  587. hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `manager` = 0 WHERE `id` IN (" . implode(',', $revokeCats) . ")");
  588. }
  589. }
  590. hesk_dbQuery(
  591. "UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET
  592. `user`='" . hesk_dbEscape($myuser['user']) . "',
  593. `name`='" . hesk_dbEscape($myuser['name']) . "',
  594. `email`='" . hesk_dbEscape($myuser['email']) . "',
  595. `signature`='" . hesk_dbEscape($myuser['signature']) . "'," . (isset($myuser['pass']) ? "`pass`='" . hesk_dbEscape($myuser['pass']) . "'," : '') . "
  596. `categories`='" . hesk_dbEscape($myuser['categories']) . "',
  597. `isadmin`='" . intval($myuser['isadmin']) . "',
  598. `active`='" . intval($myuser['active']) . "',
  599. `autoassign`='" . intval($myuser['autoassign']) . "',
  600. `heskprivileges`='" . hesk_dbEscape($myuser['features']) . "',
  601. `afterreply`='" . ($myuser['afterreply']) . "' ,
  602. `autostart`='" . ($myuser['autostart']) . "' ,
  603. `autoreload`='" . ($myuser['autoreload']) . "' ,
  604. `notify_customer_new`='" . ($myuser['notify_customer_new']) . "' ,
  605. `notify_customer_reply`='" . ($myuser['notify_customer_reply']) . "' ,
  606. `show_suggested`='" . ($myuser['show_suggested']) . "' ,
  607. `notify_new_unassigned`='" . ($myuser['notify_new_unassigned']) . "' ,
  608. `notify_new_my`='" . ($myuser['notify_new_my']) . "' ,
  609. `notify_reply_unassigned`='" . ($myuser['notify_reply_unassigned']) . "' ,
  610. `notify_reply_my`='" . ($myuser['notify_reply_my']) . "' ,
  611. `notify_assigned`='" . ($myuser['notify_assigned']) . "' ,
  612. `notify_pm`='" . ($myuser['notify_pm']) . "',
  613. `notify_note`='" . ($myuser['notify_note']) . "',
  614. `notify_note_unassigned`='" . ($myuser['notify_note_unassigned']) . "',
  615. `notify_overdue_unassigned`='" . ($myuser['notify_overdue_unassigned']) . "',
  616. `permission_template`=" . intval($myuser['template']) . ",
  617. `default_calendar_view`=" . intval($myuser['default_calendar_view']) . "
  618. WHERE `id`='" . intval($myuser['id']) . "'");
  619. // If they are now inactive, remove any manager rights
  620. if (!$myuser['active']) {
  621. hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `manager` = 0 WHERE `manager` = " . intval($myuser['id']));
  622. }
  623. unset($_SESSION['save_userdata']);
  624. unset($_SESSION['userdata']);
  625. hesk_process_messages($hesklang['user_profile_updated_success'], $_SERVER['PHP_SELF'], 'SUCCESS');
  626. } // End update_profile()
  627. function hesk_validateUserInfo($pass_required = 1, $redirect_to = './manage_users.php')
  628. {
  629. global $hesk_settings, $hesklang;
  630. $hesk_error_buffer = '';
  631. $myuser['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_real_name'] . '</li>';
  632. $myuser['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer .= '<li>' . $hesklang['enter_valid_email'] . '</li>';
  633. $myuser['user'] = hesk_input(hesk_POST('user')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_username'] . '</li>';
  634. $myuser['isadmin'] = hesk_POST('template') == '1' ? 1 : 0;
  635. $myuser['template'] = hesk_POST('template');
  636. $myuser['signature'] = hesk_input(hesk_POST('signature'));
  637. $myuser['autoassign'] = hesk_POST('autoassign') == 'Y' ? 1 : 0;
  638. $myuser['active'] = empty($_POST['active']) ? 0 : 1;
  639. $myuser['can_change_notification_settings'] = empty($_POST['can_change_notification_settings']) ? 0 : 1;
  640. /* If it's not admin at least one category and fature is required */
  641. $myuser['categories'] = array();
  642. $myuser['features'] = array();
  643. if ($myuser['isadmin'] == 0) {
  644. if (empty($_POST['categories']) || !is_array($_POST['categories'])) {
  645. $hesk_error_buffer .= '<li>' . $hesklang['asign_one_cat'] . '</li>';
  646. } else {
  647. foreach ($_POST['categories'] as $tmp) {
  648. if (is_array($tmp)) {
  649. continue;
  650. }
  651. if ($tmp = intval($tmp)) {
  652. $myuser['categories'][] = $tmp;
  653. }
  654. }
  655. }
  656. if (empty($_POST['features']) || !is_array($_POST['features'])) {
  657. $hesk_error_buffer .= '<li>' . $hesklang['asign_one_feat'] . '</li>';
  658. } else {
  659. foreach ($_POST['features'] as $tmp) {
  660. if (in_array($tmp, $hesk_settings['features'])) {
  661. $myuser['features'][] = $tmp;
  662. }
  663. }
  664. }
  665. }
  666. if (hesk_mb_strlen($myuser['signature']) > 1000) {
  667. $hesk_error_buffer .= '<li>' . $hesklang['signature_long'] . '</li>';
  668. }
  669. /* Password */
  670. $myuser['cleanpass'] = '';
  671. $newpass = hesk_input(hesk_POST('newpass'));
  672. $passlen = strlen($newpass);
  673. if ($pass_required || $passlen > 0) {
  674. /* At least 5 chars? */
  675. if ($passlen < 5) {
  676. $hesk_error_buffer .= '<li>' . $hesklang['password_not_valid'] . '</li>';
  677. } /* Check password confirmation */
  678. else {
  679. $newpass2 = hesk_input(hesk_POST('newpass2'));
  680. if ($newpass != $newpass2) {
  681. $hesk_error_buffer .= '<li>' . $hesklang['passwords_not_same'] . '</li>';
  682. } else {
  683. $myuser['pass'] = hesk_Pass2Hash($newpass);
  684. $myuser['cleanpass'] = $newpass;
  685. }
  686. }
  687. }
  688. /* After reply */
  689. $myuser['afterreply'] = intval(hesk_POST('afterreply'));
  690. if ($myuser['afterreply'] != 1 && $myuser['afterreply'] != 2) {
  691. $myuser['afterreply'] = 0;
  692. }
  693. // Defaults
  694. $myuser['autostart'] = isset($_POST['autostart']) ? 1 : 0;
  695. $myuser['notify_customer_new'] = isset($_POST['notify_customer_new']) ? 1 : 0;
  696. $myuser['notify_customer_reply'] = isset($_POST['notify_customer_reply']) ? 1 : 0;
  697. $myuser['show_suggested'] = isset($_POST['show_suggested']) ? 1 : 0;
  698. $myuser['autoreload'] = isset($_POST['autoreload']) ? 1 : 0;
  699. if ($myuser['autoreload']) {
  700. $myuser['autoreload'] = intval(hesk_POST('reload_time'));
  701. if (hesk_POST('secmin') == 'min') {
  702. $myuser['autoreload'] *= 60;
  703. }
  704. if ($myuser['autoreload'] < 0 || $myuser['autoreload'] > 65535) {
  705. $myuser['autoreload'] = 30;
  706. }
  707. }
  708. $myuser['default_calendar_view'] = hesk_POST('default-calendar-view', 0);
  709. /* Notifications */
  710. $myuser['notify_new_unassigned'] = empty($_POST['notify_new_unassigned']) ? 0 : 1;
  711. $myuser['notify_new_my'] = empty($_POST['notify_new_my']) ? 0 : 1;
  712. $myuser['notify_reply_unassigned'] = empty($_POST['notify_reply_unassigned']) ? 0 : 1;
  713. $myuser['notify_reply_my'] = empty($_POST['notify_reply_my']) ? 0 : 1;
  714. $myuser['notify_assigned'] = empty($_POST['notify_assigned']) ? 0 : 1;
  715. $myuser['notify_note'] = empty($_POST['notify_note']) ? 0 : 1;
  716. $myuser['notify_pm'] = empty($_POST['notify_pm']) ? 0 : 1;
  717. $myuser['notify_note_unassigned'] = empty($_POST['notify_note_unassigned']) ? 0 : 1;
  718. $myuser['notify_overdue_unassigned'] = empty($_POST['notify_overdue_unassigned']) ? 0 : 1;
  719. /* Save entered info in session so we don't loose it in case of errors */
  720. $_SESSION['userdata'] = $myuser;
  721. /* Any errors */
  722. if (strlen($hesk_error_buffer)) {
  723. if ($myuser['isadmin']) {
  724. // Preserve default staff data for the form
  725. global $default_userdata;
  726. $_SESSION['userdata']['features'] = $default_userdata['features'];
  727. $_SESSION['userdata']['categories'] = $default_userdata['categories'];
  728. }
  729. $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
  730. hesk_process_messages($hesk_error_buffer, $redirect_to);
  731. }
  732. // "can_unban_emails" feature also enables "can_ban_emails"
  733. if (in_array('can_unban_emails', $myuser['features']) && !in_array('can_ban_emails', $myuser['features'])) {
  734. $myuser['features'][] = 'can_ban_emails';
  735. }
  736. return $myuser;
  737. } // End hesk_validateUserInfo()
  738. function remove()
  739. {
  740. global $hesk_settings, $hesklang;
  741. /* A security check */
  742. hesk_token_check();
  743. $myuser = intval(hesk_GET('id')) or hesk_error($hesklang['no_valid_id']);
  744. /* You can't delete the default user */
  745. if ($myuser == 1) {
  746. hesk_process_messages($hesklang['cant_del_admin'], './manage_users.php');
  747. }
  748. /* You can't delete your own account (the one you are logged in) */
  749. if ($myuser == $_SESSION['id']) {
  750. hesk_process_messages($hesklang['cant_del_own'], './manage_users.php');
  751. }
  752. // Revoke manager rights
  753. hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `manager` = 0 WHERE `manager` = " . intval($myuser));
  754. /* Un-assign all tickets for this user */
  755. $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`=0 WHERE `owner`='" . intval($myuser) . "'");
  756. /* Delete user info */
  757. $res = hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id`='" . intval($myuser) . "'");
  758. if (hesk_dbAffectedRows() != 1) {
  759. hesk_process_messages($hesklang['int_error'] . ': ' . $hesklang['user_not_found'], './manage_users.php');
  760. }
  761. hesk_process_messages($hesklang['sel_user_removed'], './manage_users.php', 'SUCCESS');
  762. } // End remove()
  763. function toggle_autoassign()
  764. {
  765. global $hesk_settings, $hesklang;
  766. /* A security check */
  767. hesk_token_check();
  768. $myuser = intval(hesk_GET('id')) or hesk_error($hesklang['no_valid_id']);
  769. $_SESSION['seluser'] = $myuser;
  770. if (intval(hesk_GET('s'))) {
  771. $autoassign = 1;
  772. $tmp = $hesklang['uaaon'];
  773. } else {
  774. $autoassign = 0;
  775. $tmp = $hesklang['uaaoff'];
  776. }
  777. /* Update auto-assign settings */
  778. $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `autoassign`='{$autoassign}' WHERE `id`='" . intval($myuser) . "'");
  779. if (hesk_dbAffectedRows() != 1) {
  780. hesk_process_messages($hesklang['int_error'] . ': ' . $hesklang['user_not_found'], './manage_users.php');
  781. }
  782. hesk_process_messages($tmp, './manage_users.php', 'SUCCESS');
  783. } // End toggle_autoassign()
  784. function toggle_active()
  785. {
  786. global $hesk_settings, $hesklang;
  787. /* Security check */
  788. hesk_token_check();
  789. $myuser = intval(hesk_GET('id')) or hesk_error($hesklang['no_valid_id']);
  790. $_SESSION['seluser'] = $myuser;
  791. if (intval($myuser) == $_SESSION['id']) {
  792. //-- You can't deactivate yourself!
  793. hesk_process_messages($hesklang['self_deactivation'], './manage_users.php');
  794. }
  795. if (intval(hesk_GET('s'))) {
  796. $active = 1;
  797. $tmp = $hesklang['user_activated'];
  798. $notificationSql = "";
  799. } else {
  800. $active = 0;
  801. $tmp = $hesklang['user_deactivated'];
  802. // Revoke any manager rights
  803. hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `manager` = 0 WHERE `manager` = " . intval($myuser));
  804. $notificationSql = ", `autoassign` = '0', `notify_new_unassigned` = '0', `notify_new_my` = '0', `notify_reply_unassigned` = '0',
  805. `notify_reply_my` = '0', `notify_assigned` = '0', `notify_pm` = '0', `notify_note` = '0', `notify_note_unassigned` = '0', `notify_overdue_unassigned` = '0'";
  806. }
  807. hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `active` = '" . $active . "'" . $notificationSql . " WHERE `id` = '" . intval($myuser) . "'");
  808. if (hesk_dbAffectedRows() != 1) {
  809. hesk_process_messages($hesklang['int_error'] . ': ' . $hesklang['user_not_found'], './manage_users.php');
  810. }
  811. hesk_process_messages($tmp, './manage_users.php', 'SUCCESS');
  812. }
  813. ?>