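<?php
/*********************************************************************
    users.php

    Peter Rotich <peter@osticket.com>
    Jared Hancock <jared@osticket.com>
    Copyright (c)  2006-2014 osTicket
    http://www.osticket.com

    Released under the GNU General Public License WITHOUT ANY WARRANTY.
    See LICENSE.TXT for details.

    vim: expandtab sw=4 ts=4 sts=4:
**********************************************************************/
// Staff-panel controller for the end-user directory.
//
// Flow: resolve the addressed user from ?id=, dispatch the POST action
// (update / create / confirmlink / pwreset / mass_process / import-users),
// handle the CSV export for GET ?a=export, then render either the listing
// or the single-user view. Outcomes reach the templates through $msg,
// $warn and $errors['err'].
//
// NOTE(review): $errors is never initialised on this page; it is assumed
// to be set up by staff.inc.php — confirm. All reads of $errors['err'] and
// of request arrays below go through empty()/isset() so a missing key
// cannot raise an undefined-index notice.
require('staff.inc.php');

// Directory access is the baseline permission for everything on this page.
// NOTE(review): Http::redirect() is assumed to end the request — confirm,
// otherwise the rest of the page still runs for unauthorised staff.
if (!$thisstaff->hasPerm(User::PERM_DIRECTORY))
    Http::redirect('index.php');

require_once INCLUDE_DIR.'class.note.php';

// Resolve the end user addressed by ?id=; stays null for the directory listing.
$user = null;
if (!empty($_REQUEST['id']) && !($user=User::lookup($_REQUEST['id'])))
    $errors['err'] = sprintf(__('%s: Unknown or invalid'), _N('end user', 'end users', 1));

if ($_POST) {
    $do = isset($_REQUEST['do']) ? strtolower($_REQUEST['do']) : '';
    switch($do) {
        case 'update':
            // Account fields (if the user has a login account) are saved
            // first; profile fields second. Either failure aborts the action.
            if (!$user) {
                $errors['err']=sprintf(__('%s: Unknown or invalid'), _N('end user', 'end users', 1));
            } elseif (!$thisstaff->hasPerm(User::PERM_EDIT)) {
                $errors['err'] = __('Action denied. Contact admin for access');
            } elseif(($acct = $user->getAccount())
                    && !$acct->update($_POST, $errors)) {
                 $errors['err']=__('Unable to update user account information');
            } elseif($user->updateInfo($_POST, $errors)) {
                $msg=sprintf(__('Successfully updated %s.'), __('this end user'));
                // Clear the edit flag so the view renders read-only again.
                $_REQUEST['a'] = null;
            } elseif(empty($errors['err'])) {
                $errors['err']=sprintf('%s %s',
                    sprintf(__('Unable to update %s.'), __('this end user')),
                    __('Correct any errors below and try again.'));
            }
            break;
        case 'create':
            // NOTE(review): no hasPerm() check is visible here for creating
            // users, unlike 'update' above; confirm User::fromForm() enforces
            // one, or add the check in this branch.
            $form = UserForm::getUserForm()->getForm($_POST);
            if (($user = User::fromForm($form))) {
                // getName() is user-controlled; escape it before it reaches HTML.
                $msg = Format::htmlchars(sprintf(__('Successfully added %s.'), $user->getName()));
                $_REQUEST['a'] = null;
            } elseif (empty($errors['err'])) {
                $errors['err']=sprintf('%s %s',
                    sprintf(__('Unable to add %s.'), __('this end user')),
                    __('Correct any errors below and try again.'));
            }
            break;
        case 'confirmlink':
            // Re-send the account activation email for an unconfirmed account.
            if (!$user || !$user->getAccount())
                $errors['err'] = sprintf(__('%s: Unknown or invalid'),
                    __('end user account'));
            elseif ($user->getAccount()->isConfirmed())
                $errors['err'] = __('Account is already confirmed');
            elseif ($user->getAccount()->sendConfirmEmail())
                $msg = sprintf(__('Account activation email sent to %s'),$user->getEmail());
            else
                $errors['err'] = sprintf('%s - %s', __('Unable to send account activation email'), __('Please try again!'));
            break;
        case 'pwreset':
            // Send a password-reset email to the account's address.
            if (!$user || !$user->getAccount())
                $errors['err'] = sprintf(__('%s: Unknown or invalid'), __('end user account'));
            elseif ($user->getAccount()->sendResetEmail())
                $msg = sprintf(__('Account password reset email sent to %s'),$user->getEmail());
            else
                $errors['err'] = sprintf('%s - %s', __('Unable to send account password reset email'), __('Please try again!'));
            break;
        case 'mass_process':
            // Bulk action over the selected ids; $count tracks how many
            // users were actually affected so partial success can be reported.
            if (empty($_POST['ids']) || !is_array($_POST['ids']) || !count($_POST['ids'])) {
                $errors['err'] = sprintf(__('You must select at least %s.'),
                    __('one end user'));
            } else {
                $users = User::objects()->filter(
                    array('id__in' => $_POST['ids'])
                );
                $count = 0;
                $action = isset($_POST['a']) ? strtolower($_POST['a']) : '';
                switch ($action) {
                case 'lock':
                    foreach ($users as $U) {
                        if (($acct = $U->getAccount()) && $acct->lock()) {
                            $type = array('type' => 'edited', 'key' => 'locked-flag');
                            Signal::send('object.edited', $acct, $type);
                            $count++;
                        }
                    }
                    break;

                case 'unlock':
                    foreach ($users as $U) {
                        if (($acct = $U->getAccount()) && $acct->unlock()) {
                            $type = array('type' => 'edited', 'key' => 'unlocked-flag');
                            Signal::send('object.edited', $acct, $type);
                            $count++;
                        }
                    }
                    break;

                case 'delete':
                    // NOTE(review): no delete-permission check is visible in
                    // this branch; confirm User::delete() enforces it. As
                    // before, a failed ticket purge records an error but the
                    // user deletion is still attempted.
                    foreach ($users as $U) {
                        if (!empty($_POST['deletetickets'])) {
                            if (!$U->deleteAllTickets())
                                // XXX: This message is very unclear
                                $errors['err'] = __('You do not have permission to delete a user with tickets!');
                        }
                        if ($U->delete())
                            $count++;
                    }
                    break;

                case 'reset':
                    foreach ($users as $U) {
                        if (($acct = $U->getAccount()) && $acct->sendResetEmail()) {
                            $type = array('type' => 'edited', 'key' => 'pwreset-sent');
                            Signal::send('object.edited', $acct, $type);
                            $count++;
                        }
                    }
                    break;

                case 'register':
                    // Users with an account get a confirmation email; users
                    // without one get an account registered (which emails them).
                    foreach ($users as $U) {
                        $type = array('type' => 'edited', 'key' => 'user-registered');
                        Signal::send('object.edited', $U, $type);
                        if (($acct = $U->getAccount()) && $acct->sendConfirmEmail())
                            $count++;
                        elseif ($acct = UserAccount::register($U,
                            array('sendemail' => true), $errors
                        )) {
                            $count++;
                        }
                    }
                    break;

                case 'setorg':
                    if (empty($_POST['org_id'])
                            || !($org = Organization::lookup($_POST['org_id']))) {
                        $errors['err'] = sprintf('%s - %s', __('Unknown action'), __('Get technical help!'));
                        // Stop here: previously the loop below still ran with
                        // no organization and could re-assign every selected user.
                        break;
                    }
                    foreach ($users as $U) {
                        if ($U->setOrganization($org)) {
                            $type = array('type' => 'edited', 'key' => 'user-org');
                            Signal::send('object.edited', $U, $type);
                            $count++;
                        }
                    }
                    break;

                default:
                    $errors['err']=sprintf('%s - %s', __('Unknown action'), __('Get technical help!'));
                }
                // $_POST['count'] is the client's idea of how many were
                // selected; a mismatch only downgrades the result to a warning.
                if (empty($errors['err']) && !$count) {
                    $errors['err'] = __('Unable to manage any of the selected end users');
                }
                elseif (!empty($_POST['count']) && $count != $_POST['count']) {
                    $warn = __('Not all selected items were updated');
                }
                elseif ($count) {
                    $msg = __('Successfully managed selected end users');
                }
            }
            break;
        case 'import-users':
            // Uploaded file wins over pasted text. importFromPost() returns
            // the imported count on success, or an error string.
            $source = !empty($_FILES['import']) ? $_FILES['import']
                : (isset($_POST['pasted']) ? $_POST['pasted'] : null);
            $status = User::importFromPost($source);
            if (is_numeric($status))
                $msg = sprintf(__('Successfully imported %1$d %2$s'), $status,
                    _N('end user', 'end users', $status));
            else
                $errors['err'] = $status;
            break;
        default:
            $errors['err'] = __('Unknown action');
            break;
    }
} elseif(!$user && isset($_REQUEST['a']) && $_REQUEST['a'] == 'export') {
    // Export the directory listing last queried in this session as CSV.
    require_once(INCLUDE_DIR.'class.export.php');
    // date('Ymd') yields the same digits as the removed strftime('%Y%m%d')
    // (strftime is deprecated as of PHP 8.1).
    $ts = date('Ymd');
    $query = isset($_SESSION[':Q:users']) ? $_SESSION[':Q:users'] : null;
    if (!$query)
        $errors['err'] = __('Query token not found');
    elseif (!Export::saveUsers($query, __("users")."-$ts.csv", 'csv'))
        $errors['err'] = __('Unable to dump query results.')
            .' '.__('Internal error occurred');
}

// Pick the template: the directory listing, or the single-user view
// (whose tickets tab may be served as a PJAX fragment or a CSV export).
$page = 'users.inc.php';
if ($user) {
    $page = 'user-view.inc.php';
    $tab = isset($_REQUEST['t']) ? strtolower($_REQUEST['t']) : '';
    switch ($tab) {
    case 'tickets':
        if (isset($_SERVER['HTTP_X_PJAX'])) {
            // PJAX request: render only the tickets fragment and stop.
            $page='templates/tickets.tmpl.php';
            $pjax_container = isset($_SERVER['HTTP_X_PJAX_CONTAINER'])
                ? $_SERVER['HTTP_X_PJAX_CONTAINER'] : null;
            require(STAFFINC_DIR.$page);
            return;
        } elseif (isset($_REQUEST['a']) && $_REQUEST['a'] == 'export'
                && !empty($_SESSION[':U:tickets'])) {
            $query = $_SESSION[':U:tickets'];
            $filename = sprintf('%s-tickets-%s.csv',
                    $user->getName(), date('Ymd'));
            if (!Export::saveTickets($query, '', $filename, 'csv'))
                $errors['err'] = __('Unable to dump query results.')
                    .' '.__('Internal error occurred');
        }
        break;
    }
}

$nav->setTabActive('users');
require(STAFFINC_DIR.'header.inc.php');
require(STAFFINC_DIR.$page);
include(STAFFINC_DIR.'footer.inc.php');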