<?php
/*******************************************************************************
* Title: Help Desk Software HESK
* Version: 2.6.2 from 18th March 2015
* Author: Klemen Stirn
* Website: http://www.hesk.com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
* HESK is a registered trademark of Klemen Stirn.
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it's use.
* Selling the code for this program, in part or full, without prior
* written consent is expressly forbidden.
* Using this code, in part or full, to create derivate work,
* new scripts or products is expressly forbidden. Obtain permission
* before redistributing this software over the Internet or in
* any other medium. In all cases copyright and header must remain intact.
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union.
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden. To remove HESK copyright notice you must purchase
* a license for this script. For more information on how to obtain
* a license please visit the page below:
* https://www.hesk.com/buy.php
*******************************************************************************/
// Entry-point marker and relative path to the HESK root.
// NOTE(review): IN_SCRIPT is presumably what the include files test to refuse
// direct requests; confirm in the includes.
define('IN_SCRIPT', 1);
define('HESK_PATH', '../');

/* Load settings plus the shared, admin and profile helper libraries */
require HESK_PATH . 'hesk_settings.inc.php';
require HESK_PATH . 'inc/common.inc.php';
require HESK_PATH . 'inc/admin_functions.inc.php';
require HESK_PATH . 'inc/profile_functions.inc.php';

/* Database layer, session and connection come up before the login gate */
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();

// NOTE(review): everything below assumes hesk_isLoggedIn() ends the request
// for unauthenticated visitors; its return value is not checked here.
hesk_isLoggedIn();

/* Check permissions */
// NOTE(review): the second argument (0) presumably makes the check return a
// flag instead of aborting the request; confirm in admin_functions.inc.php.
$can_view_tickets    = hesk_checkPermission('can_view_tickets', 0);
$can_reply_tickets   = hesk_checkPermission('can_reply_tickets', 0);
$can_view_unassigned = hesk_checkPermission('can_view_unassigned', 0);
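/* Update profile? */
if ( ! empty($_POST['action']))
{
    // Demo mode: the change is refused with a notice.
    // NOTE(review): this only protects the account if hesk_process_messages()
    // ends the request when given a redirect target; otherwise update_profile()
    // below still runs in demo mode. Confirm.
    if (defined('HESK_DEMO'))
    {
        hesk_process_messages($hesklang['sdemo'], 'profile.php', 'NOTICE');
    }

    // Update profile
    update_profile();
}
else
{
    // Load the logged-in user's own row; the id comes from the session and is
    // cast to an integer before it reaches the query.
    $res = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id` = '" . intval($_SESSION['id']) . "' LIMIT 1");
    $tmp = hesk_dbFetchAssoc($res);

    // No matching row (e.g. the account was deleted while the session was
    // still alive): iterate over nothing instead of raising a warning.
    if ( ! is_array($tmp))
    {
        $tmp = array();
    }

    foreach ($tmp as $k => $v)
    {
        if ($k === 'pass')
        {
            // Known digest of a default password. A fixed constant can only
            // match because the stored hash has no per-user salt.
            // The hash itself is never copied into the session.
            if ($v === '499d74967b28a841c98bb4baaabaad699ff3c079')
            {
                define('WARN_PASSWORD', true);
            }
            continue;
        }
        elseif ($k === 'categories')
        {
            continue;
        }

        // Stage every other column as the form's initial value
        $_SESSION['new'][$k] = $v;
    }
}

if ( ! isset($_SESSION['new']['username']))
{
    $_SESSION['new']['username'] = '';
}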
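/* Print header */
require_once(HESK_PATH . 'inc/headerAdmin.inc.php');

/* Print admin navigation */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>

<div class="row">
    <div class="col-md-8 col-md-offset-2" style="padding-top: 20px">

        <?php
        /* This will handle error, success and notice messages */
        hesk_handle_messages();

        // WARN_PASSWORD is defined when the account's hash equals the known default-password digest
        if (defined('WARN_PASSWORD'))
        {
            hesk_show_notice($hesklang['chdp2'], $hesklang['security']);
        }
        ?>

        <h3><?php
            // NOTE(review): the username is printed without output escaping at
            // this point; it is safe only if the value was HTML-encoded when it
            // was staged (hesk_input() on the POST path, the stored value on the
            // load path). Confirm before relying on it.
            echo $hesklang['profile_for'] . ' <b>' . $_SESSION['new']['user']; ?></b></h3>
        <h6><?php echo $hesklang['req_marked_with']; ?> <span class="important">*</span></h6>
        <div class="footerWithBorder blankSpace"></div>

        <?php
        if ($hesk_settings['can_sel_lang'])
        {
            /* Update preferred language in the database? */
            // NOTE(review): this is a state change triggered by a GET request and
            // no token is checked on this path (the POST path calls
            // hesk_token_check()). Impact is limited to the language preference.
            if (isset($_GET['save_language']))
            {
                $newlang = hesk_input(hesk_GET('language'));

                /* Only update if it's a valid language (allow-list lookup) */
                if (isset($hesk_settings['languages'][$newlang]))
                {
                    $newlang = ($newlang == HESK_DEFAULT_LANGUAGE) ? "NULL" : "'" . hesk_dbEscape($newlang) . "'";
                    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `language`=$newlang WHERE `id`='" . intval($_SESSION['id']) . "' LIMIT 1");
                }
            }

            $str  = '<form class="form-horizontal" role="form" method="get" action="profile.php">';
            $str .= '<input type="hidden" name="save_language" value="1" />';
            $str .= '<div class="form-group">';
            $str .= '<label for="language" class="col-sm-3 control-label">' . $hesklang['chol'] . ':</label>';

            if ( ! isset($_GET))
            {
                $_GET = array();
            }

            // Carry the other query parameters through the language form.
            // Names and values come straight from the request, so both are
            // entity-encoded before being placed in attributes.
            foreach ($_GET as $k => $v)
            {
                if ($k == 'language' || $k == 'save_language')
                {
                    continue;
                }

                // Fixed: the name was passed to "htmlentitieshesk_htmlentities",
                // which is not the helper used for the value; use the same
                // encoder for both.
                $str .= '<input type="hidden" name="' . hesk_htmlentities($k) . '" value="' . hesk_htmlentities($v) . '" />';
            }

            $str .= '<div class="col-sm-9"><select class="form-control" name="language" onchange="this.form.submit()">';
            $str .= hesk_listLanguages(0);
            $str .= '</select></div>';
            $str .= '</div>';
            ?>
            <script language="javascript" type="text/javascript">
            <?php
            // $str is emitted inside a single-quoted JavaScript string literal.
            // Backslashes and line breaks are escaped first, then the quote and
            // markup characters, so request-supplied text in $str cannot add its
            // own escape sequences or terminate the literal.
            ?>
            document.write('<?php echo str_replace(array('\\', "\r", "\n", '"', '<', '=', '>', "'"), array('\\\\', '\r', '\n', '\42', '\74', '\75', '\76', '\47'), $str . '</form>'); ?>');
            </script>
            <noscript>
            <?php
            echo $str . '<input type="submit" value="' . $hesklang['go'] . '" /></form>';
            ?>
            </noscript>
            <?php
        }
        ?>

        <form role="form" class="form-horizontal" method="post" action="profile.php" name="form1">
            <?php hesk_profile_tab('new'); ?>
        </form>
    </div>
</div>

<?php
require_once(HESK_PATH . 'inc/footer.inc.php');
exit();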
/*** START FUNCTIONS ***/
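/**
 * Validate the submitted profile form and save it for the logged-in user.
 *
 * Reads $_POST, stages the cleaned values in $_SESSION['new'], and then either
 * reports the collected validation errors without redirecting, or updates the
 * user's own row (id taken from the session) and copies the staged values into
 * the live session before redirecting to profile.php.
 *
 * NOTE(review): no current-password confirmation is read before the password
 * or e-mail is changed; the request token is the only check visible here.
 */
function update_profile() {
    global $hesk_settings, $hesklang, $can_view_unassigned;

    /* A security check */
    // NOTE(review): presumably the anti-CSRF token check for POST requests; confirm.
    hesk_token_check('POST');

    $sql_pass = '';
    $sql_username = '';

    $hesk_error_buffer = '';

    $_SESSION['new']['name']  = hesk_input(hesk_POST('name')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_your_name'] . '</li>';
    // Fixed: this used "=" and discarded a missing-name error collected on the line above
    $_SESSION['new']['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer .= '<li>' . $hesklang['enter_valid_email'] . '</li>';
    $_SESSION['new']['signature'] = hesk_input(hesk_POST('signature'));

    /* Signature */
    if (strlen($_SESSION['new']['signature']) > 255)
    {
        $hesk_error_buffer .= '<li>' . $hesklang['signature_long'] . '</li>';
    }

    /* Admins can change username */
    if ($_SESSION['isadmin'])
    {
        $_SESSION['new']['user'] = hesk_input(hesk_POST('user')) or $hesk_error_buffer .= '<li>' . $hesklang['enter_username'] . '</li>';

        /* Check for duplicate usernames (any row other than the caller's own) */
        $result = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user`='" . hesk_dbEscape($_SESSION['new']['user']) . "' AND `id`!='" . intval($_SESSION['id']) . "' LIMIT 1");
        if (hesk_dbNumRows($result) != 0)
        {
            $hesk_error_buffer .= '<li>' . $hesklang['duplicate_user'] . '</li>';
        }
        else
        {
            $sql_username = ",`user`='" . hesk_dbEscape($_SESSION['new']['user']) . "'";
        }
    }

    /* Change password? */
    // The password goes through hesk_input() before hashing, so whatever that
    // helper changes becomes part of the credential.
    // NOTE(review): presumably the login path applies the same helper; confirm.
    $newpass = hesk_input(hesk_POST('newpass'));
    $passlen = strlen($newpass);

    if ($passlen > 0)
    {
        /* At least 5 chars? */
        // NOTE(review): a 5-character minimum is a weak floor for a staff account
        if ($passlen < 5)
        {
            $hesk_error_buffer .= '<li>' . $hesklang['password_not_valid'] . '</li>';
        }
        /* Check password confirmation */
        else
        {
            $newpass2 = hesk_input(hesk_POST('newpass2'));

            // Strict comparison: "!=" treats numeric-looking strings such as
            // "10000" and "1e4" as equal, so a mistyped confirmation could pass.
            if ($newpass !== $newpass2)
            {
                $hesk_error_buffer .= '<li>' . $hesklang['passwords_not_same'] . '</li>';
            }
            else
            {
                $v = hesk_Pass2Hash($newpass);

                // Known digest of a default password. A fixed constant can only
                // match because the hash has no per-user salt.
                if ($v === '499d74967b28a841c98bb4baaabaad699ff3c079')
                {
                    define('WARN_PASSWORD', true);
                }

                // NOTE(review): the digest is placed in the query unescaped;
                // that is safe only while hesk_Pass2Hash() returns plain hex.
                $sql_pass = ',`pass`=\'' . $v . '\'';
            }
        }
    }

    /* After reply: only 0, 1 or 2 are accepted */
    $_SESSION['new']['afterreply'] = intval(hesk_POST('afterreply'));
    if ($_SESSION['new']['afterreply'] != 1 && $_SESSION['new']['afterreply'] != 2)
    {
        $_SESSION['new']['afterreply'] = 0;
    }

    /* Auto-start ticket timer */
    $_SESSION['new']['autostart'] = isset($_POST['autostart']) ? 1 : 0;

    /* Update auto-refresh time */
    // Fixed: the raw POST value used to be stored in the session and was only
    // cast to an integer inside the UPDATE. It is now cast where it is read,
    // so the staged and live session values are always integers.
    $_SESSION['new']['autorefresh'] = isset($_POST['autorefresh']) ? intval(hesk_POST('autorefresh')) : 0;

    /* Notifications */
    $_SESSION['new']['notify_new_unassigned']   = empty($_POST['notify_new_unassigned']) || ! $can_view_unassigned ? 0 : 1;
    $_SESSION['new']['notify_new_my']           = empty($_POST['notify_new_my']) ? 0 : 1;
    $_SESSION['new']['notify_reply_unassigned'] = empty($_POST['notify_reply_unassigned']) || ! $can_view_unassigned ? 0 : 1;
    $_SESSION['new']['notify_reply_my']         = empty($_POST['notify_reply_my']) ? 0 : 1;
    $_SESSION['new']['notify_assigned']         = empty($_POST['notify_assigned']) ? 0 : 1;
    $_SESSION['new']['notify_note']             = empty($_POST['notify_note']) ? 0 : 1;
    // Gated on can_view_unassigned like the other two *_unassigned settings,
    // so a user without that permission cannot opt in to these notifications.
    $_SESSION['new']['notify_note_unassigned']  = empty($_POST['notify_note_unassigned']) || ! $can_view_unassigned ? 0 : 1;
    $_SESSION['new']['notify_pm']               = empty($_POST['notify_pm']) ? 0 : 1;

    /* Any errors? */
    if (strlen($hesk_error_buffer))
    {
        /* Process the session variables */
        $_SESSION['new'] = hesk_stripArray($_SESSION['new']);

        $hesk_error_buffer = $hesklang['rfm'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
    }
    else
    {
        /* Update database */
        // Strings are escaped with hesk_dbEscape() and numeric fields are cast
        // with intval(). $sql_username and $sql_pass are either empty or start
        // with their own comma. The WHERE clause uses the session's id, so a
        // user can only update their own row.
        hesk_dbQuery(
        "UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET
        `name`='" . hesk_dbEscape($_SESSION['new']['name']) . "',
        `email`='" . hesk_dbEscape($_SESSION['new']['email']) . "',
        `signature`='" . hesk_dbEscape($_SESSION['new']['signature']) . "'
        $sql_username
        $sql_pass,
        `afterreply`='" . intval($_SESSION['new']['afterreply']) . "',
        `autostart`='" . intval($_SESSION['new']['autostart']) . "',
        `autorefresh`='" . intval($_SESSION['new']['autorefresh']) . "',
        `notify_new_unassigned`='" . intval($_SESSION['new']['notify_new_unassigned']) . "',
        `notify_new_my`='" . intval($_SESSION['new']['notify_new_my']) . "',
        `notify_reply_unassigned`='" . intval($_SESSION['new']['notify_reply_unassigned']) . "',
        `notify_reply_my`='" . intval($_SESSION['new']['notify_reply_my']) . "',
        `notify_assigned`='" . intval($_SESSION['new']['notify_assigned']) . "',
        `notify_pm`='" . intval($_SESSION['new']['notify_pm']) . "',
        `notify_note`='" . intval($_SESSION['new']['notify_note']) . "',
        `notify_note_unassigned`='" . intval($_SESSION['new']['notify_note_unassigned']) . "'
        WHERE `id`='" . intval($_SESSION['id']) . "' LIMIT 1"
        );

        /* Process the session variables */
        $_SESSION['new'] = hesk_stripArray($_SESSION['new']);

        /* Update session variables */
        // Every staged key is promoted to the top level of the session. The
        // keys set in this function are fixed literals, not request-supplied
        // names.
        foreach ($_SESSION['new'] as $k => $v)
        {
            $_SESSION[$k] = $v;
        }
        unset($_SESSION['new']);

        hesk_process_messages($hesklang['profile_updated_success'], 'profile.php', 'SUCCESS');
    }
} // End update_profile()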
?>