Mods-for-HESK-Netsyms/admin/profile.php

<?php
/*******************************************************************************
 *  Title: Help Desk Software HESK
 *  Version: 2.6.7 from 18th April 2016
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
 *  COPYRIGHT AND TRADEMARK NOTICE
 *  Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
 *  HESK is a registered trademark of Klemen Stirn.
 *  The HESK may be used and modified free of charge by anyone
 *  AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
 *  By using this code you agree to indemnify Klemen Stirn from any
 *  liability that might arise from it's use.
 *  Selling the code for this program, in part or full, without prior
 *  written consent is expressly forbidden.
 *  Using this code, in part or full, to create derivate work,
 *  new scripts or products is expressly forbidden. Obtain permission
 *  before redistributing this software over the Internet or in
 *  any other medium. In all cases copyright and header must remain intact.
 *  This Copyright is in full effect in any country that has International
 *  Trade Agreements with the United States of America or
 *  with the European Union.
 *  Removing any of the copyright notices without purchasing a license
 *  is expressly forbidden. To remove HESK copyright notice you must purchase
 *  a license for this script. For more information on how to obtain
 *  a license please visit the page below:
 *  https://www.hesk.com/buy.php
 *******************************************************************************/

define('IN_SCRIPT', 1);
define('HESK_PATH', '../');
define('PAGE_TITLE', 'ADMIN_PROFILE');

/* Get all the required files and functions */
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
require(HESK_PATH . 'inc/profile_functions.inc.php');
hesk_load_database_functions();

hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();

/* Check permissions */
$can_view_tickets = hesk_checkPermission('can_view_tickets', 0);
$can_reply_tickets = hesk_checkPermission('can_reply_tickets', 0);
$can_view_unassigned = hesk_checkPermission('can_view_unassigned', 0);

/* Update profile? */
if (!empty($_POST['action'])) {
    // Demo mode
    if (defined('HESK_DEMO')) {
        hesk_process_messages($hesklang['sdemo'], 'profile.php', 'NOTICE');
    }

    // Update profile
    update_profile();
} else {
    $res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id` = '" . intval($_SESSION['id']) . "' LIMIT 1");
    $tmp = hesk_dbFetchAssoc($res);

    foreach ($tmp as $k => $v) {
        if ($k == 'pass') {
            if ($v == '499d74967b28a841c98bb4baaabaad699ff3c079') {
                define('WARN_PASSWORD', true);
            }
            continue;
        } elseif ($k == 'categories') {
            continue;
        }
        $_SESSION['new'][$k] = $v;
    }
}

if (!isset($_SESSION['new']['username'])) {
    $_SESSION['new']['username'] = '';
}

/* Print header */
require_once(HESK_PATH . 'inc/headerAdmin.inc.php');

/* Print admin navigation */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>

<div class="row">
    <div class="col-md-8 col-md-offset-2 pad-down-20">
        <?php
        /* This will handle error, success and notice messages */
        hesk_handle_messages();

        if (defined('WARN_PASSWORD')) {
            hesk_show_notice($hesklang['chdp2'], $hesklang['security']);
        }
        ?>

        <h3><?php echo $hesklang['profile_for'] . ' <b>' . $_SESSION['new']['user']; ?></b></h3>
        <h6><?php echo $hesklang['req_marked_with']; ?> <span class="important">*</span></h6>

        <div class="footerWithBorder blankSpace"></div>

        <?php
        if ($hesk_settings['can_sel_lang']) {
            /* Update preferred language in the database? */
            if (isset($_GET['save_language'])) {
                $newlang = hesk_input(hesk_GET('language'));

                /* Only update if it's a valid language */
                if (isset($hesk_settings['languages'][$newlang])) {
                    $newlang = ($newlang == HESK_DEFAULT_LANGUAGE) ? "NULL" : "'" . hesk_dbEscape($newlang) . "'";
                    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `language`=$newlang WHERE `id`='" . intval($_SESSION['id']) . "' LIMIT 1");
                }
            }

            $str = '<form class="form-horizontal" role="form" method="get" action="profile.php">';
            $str .= '<input type="hidden" name="save_language" value="1" />';
            $str .= '<div class="form-group">';
            $str .= '<label for="language" class="col-sm-3 control-label">' . $hesklang['chol'] . ':</label>';

            if (!isset($_GET)) {
                $_GET = array();
            }

            foreach ($_GET as $k => $v) {
                if ($k == 'language' || $k == 'save_language') {
                    continue;
                }
                $str .= '<input type="hidden" name="' . htmlentitieshesk_htmlentities($k) . '" value="' . hesk_htmlentities($v) . '" />';
            }

            $str .= '<div class="col-sm-9"><select class="form-control" name="language" onchange="this.form.submit()">';
            $str .= hesk_listLanguages(0);
            $str .= '</select></div>';
            $str .= '</div>'

            ?>
            <script language="javascript" type="text/javascript">
                document.write('<?php echo str_replace(array('"','<','=','>',"'"),array('\42','\74','\75','\76','\47'),$str . '</form>'); ?>');
            </script>
            <noscript>
                <?php
                echo $str . '<input type="submit" value="' . $hesklang['go'] . '" /></form>';
                ?>
            </noscript>
            <?php
        }
        ?>

        <form role="form" class="form-horizontal" method="post" action="profile.php" name="form1" data-toggle="validator">
            <?php hesk_profile_tab('new'); ?>
        </form>
    </div>
</div>

<?php
require_once(HESK_PATH . 'inc/footer.inc.php');
exit();


/*** START FUNCTIONS ***/

function update_profile()
{
    global $hesk_settings, $hesklang, $can_view_unassigned;

    /* A security check */
    hesk_token_check('POST');

    $sql_pass = '';
    $sql_username = '';

    $hesk_error_buffer = '';

    $_SESSION['new']['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_your_name'] . '</li>';
    $_SESSION['new']['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer = '<li>' . $hesklang['enter_valid_email'] . '</li>';
    $_SESSION['new']['signature'] = hesk_input(hesk_POST('signature'));

    /* Signature */
    if (strlen($_SESSION['new']['signature']) > 1000) {
        $hesk_error_buffer .= '<li>' . $hesklang['signature_long'] . '</li>';
    }

    /* Admins can change username */
    if ($_SESSION['isadmin']) {
        $_SESSION['new']['user'] = hesk_input(hesk_POST('user')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_username'] . '</li>';

        /* Check for duplicate usernames */
        $result = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user`='" . hesk_dbEscape($_SESSION['new']['user']) . "' AND `id`!='" . intval($_SESSION['id']) . "' LIMIT 1");
        if (hesk_dbNumRows($result) != 0) {
            $hesk_error_buffer .= '<li>' . $hesklang['duplicate_user'] . '</li>';
        } else {
            $sql_username = ",`user`='" . hesk_dbEscape($_SESSION['new']['user']) . "'";
        }
    }

    /* Change password? */
    $newpass = hesk_input(hesk_POST('newpass'));
    $passlen = strlen($newpass);
    if ($passlen > 0) {
        /* At least 5 chars? */
        if ($passlen < 5) {
            $hesk_error_buffer .= '<li>' . $hesklang['password_not_valid'] . '</li>';
        } /* Check password confirmation */
        else {
            $newpass2 = hesk_input(hesk_POST('newpass2'));

            if ($newpass != $newpass2) {
                $hesk_error_buffer .= '<li>' . $hesklang['passwords_not_same'] . '</li>';
            } else {
                $newpass_hash = hesk_Pass2Hash($newpass);
                if ($newpass_hash == '499d74967b28a841c98bb4baaabaad699ff3c079') {
                    define('WARN_PASSWORD', true);
                }
                $sql_pass = ',`pass`=\'' . $newpass_hash . '\'';
            }
        }
    }

    /* After reply */
    $_SESSION['new']['afterreply'] = intval(hesk_POST('afterreply'));
    if ($_SESSION['new']['afterreply'] != 1 && $_SESSION['new']['afterreply'] != 2) {
        $_SESSION['new']['afterreply'] = 0;
    }
    $_SESSION['new']['notify_customer_new'] = isset($_POST['notify_customer_new']) ? 1 : 0;
    $_SESSION['new']['notify_customer_reply'] = isset($_POST['notify_customer_reply']) ? 1 : 0;
    $_SESSION['new']['show_suggested'] = isset($_POST['show_suggested']) ? 1 : 0;

    /* Auto-start ticket timer */
    $_SESSION['new']['autostart'] = isset($_POST['autostart']) ? 1 : 0;

    /* Default calendar view */
    $_SESSION['new']['default_calendar_view'] = hesk_POST('default-calendar-view', 0);

    /* Update auto-refresh time */
    $_SESSION['new']['autorefresh'] = isset($_POST['autorefresh']) ? $_POST['autorefresh'] : 0;

    /* Notifications */
    if (!(!$_SESSION[$session_array]['isadmin'] && isset($_SESSION[$session_array]['heskprivileges'])
        && strpos($_SESSION[$session_array]['heskprivileges'], 'can_change_notification_settings') === false)) {
        $_SESSION['new']['notify_new_unassigned'] = empty($_POST['notify_new_unassigned']) || !$can_view_unassigned ? 0 : 1;
        $_SESSION['new']['notify_new_my'] = empty($_POST['notify_new_my']) ? 0 : 1;
        $_SESSION['new']['notify_reply_unassigned'] = empty($_POST['notify_reply_unassigned']) || !$can_view_unassigned ? 0 : 1;
        $_SESSION['new']['notify_reply_my'] = empty($_POST['notify_reply_my']) ? 0 : 1;
        $_SESSION['new']['notify_assigned'] = empty($_POST['notify_assigned']) ? 0 : 1;
        $_SESSION['new']['notify_note'] = empty($_POST['notify_note']) ? 0 : 1;
        $_SESSION['new']['notify_note_unassigned'] = empty($_POST['notify_note_unassigned']) ? 0 : 1;
        $_SESSION['new']['notify_pm'] = empty($_POST['notify_pm']) ? 0 : 1;
        $_SESSION['new']['notify_overdue_unassigned'] = empty($_POST['notify_overdue_unassigned']) ? 0 : 1;
    }

    /* Any errors? */
    if (strlen($hesk_error_buffer)) {
        /* Process the session variables */
        $_SESSION['new'] = hesk_stripArray($_SESSION['new']);

        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
    } else {
        /* Update database */
        hesk_dbQuery(
            "UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET
	    `name`='" . hesk_dbEscape($_SESSION['new']['name']) . "',
	    `email`='" . hesk_dbEscape($_SESSION['new']['email']) . "',
		`signature`='" . hesk_dbEscape($_SESSION['new']['signature']) . "'
        $sql_username
		$sql_pass ,
	    `afterreply`='" . intval($_SESSION['new']['afterreply']) . "' ,
        `autostart`='" . intval($_SESSION['new']['autostart']) . "' ,
        `autorefresh`='" . intval($_SESSION['new']['autorefresh']) . "' ,
	    `notify_new_unassigned`='" . intval($_SESSION['new']['notify_new_unassigned']) . "' ,
        `notify_new_my`='" . intval($_SESSION['new']['notify_new_my']) . "' ,
        `notify_reply_unassigned`='" . intval($_SESSION['new']['notify_reply_unassigned']) . "' ,
        `notify_reply_my`='" . intval($_SESSION['new']['notify_reply_my']) . "' ,
        `notify_assigned`='" . intval($_SESSION['new']['notify_assigned']) . "' ,
        `notify_pm`='" . intval($_SESSION['new']['notify_pm']) . "',
        `notify_note`='" . intval($_SESSION['new']['notify_note']) . "',
        `notify_note_unassigned`='" . intval($_SESSION['new']['notify_note_unassigned']) . "',
        `notify_customer_new`='" . $_SESSION['new']['notify_customer_new'] . "',
        `notify_customer_reply`='" . $_SESSION['new']['notify_customer_reply'] . "',
        `notify_overdue_unassigned`='" . $_SESSION['new']['notify_overdue_unassigned'] . "',
        `show_suggested`='" . $_SESSION['new']['show_suggested'] . "',
        `default_calendar_view`=" . intval($_SESSION['new']['default_calendar_view']) . "
	    WHERE `id`='" . intval($_SESSION['id']) . "' LIMIT 1"
        );

        /* Process the session variables */
        $_SESSION['new'] = hesk_stripArray($_SESSION['new']);

        // Do we need a new session_verify tag?
        if (strlen($sql_username) && strlen($sql_pass)) {
            $_SESSION['session_verify'] = hesk_activeSessionCreateTag($_SESSION['new']['user'], $newpass_hash);
        } elseif (strlen($sql_pass)) {
            $_SESSION['session_verify'] = hesk_activeSessionCreateTag($_SESSION['user'], $newpass_hash);
        } elseif (strlen($sql_username)) {
            $res = hesk_dbQuery('SELECT `pass` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id` = '" . intval($_SESSION['id']) . "' LIMIT 1");
            $_SESSION['session_verify'] = hesk_activeSessionCreateTag($_SESSION['new']['user'], hesk_dbResult($res));
        }

        /* Update session variables */
        foreach ($_SESSION['new'] as $k => $v) {
            $_SESSION[$k] = $v;
        }
        unset($_SESSION['new']);

        hesk_process_messages($hesklang['profile_updated_success'], 'profile.php', 'SUCCESS');
    }
} // End update_profile()

?>