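<?php
/*********************************************************************
    users.php

    Peter Rotich <peter@osticket.com>
    Jared Hancock <jared@osticket.com>
    Copyright (c) 2006-2014 osTicket
    http://www.osticket.com

    Released under the GNU General Public License WITHOUT ANY WARRANTY.
    See LICENSE.TXT for details.

    vim: expandtab sw=4 ts=4 sts=4:
**********************************************************************/

/*
 * Staff-panel controller for the end-user directory.
 *
 * Flow, top to bottom:
 *   1. Require the staff bootstrap and the directory permission.
 *   2. Resolve the optional ?id= into $user.
 *   3. On POST, dispatch on the "do" field (update, create, confirmlink,
 *      pwreset, mass_process, import-users).
 *   4. On a non-POST request with a=export, stream the saved user query.
 *   5. Pick the template ($page) and render header / page / footer.
 *
 * Results are reported through $msg, $warn and $errors['err'], which this
 * script only sets; the included templates are expected to display them.
 *
 * NOTE(review): only the "update" action checks a per-action permission
 * (User::PERM_EDIT) in this file. create, confirmlink, pwreset, import-users
 * and every mass_process action are reachable with PERM_DIRECTORY alone as
 * far as this file shows. Confirm that the model methods or staff.inc.php
 * enforce the matching permissions server-side; hiding buttons in the
 * template is not an access control.
 * NOTE(review): no request-forgery token check is visible here; presumably
 * staff.inc.php validates it for POSTs. Verify.
 */
require('staff.inc.php');

// NOTE(review): the rest of the script relies on Http::redirect() ending the
// request; confirm it exits, otherwise the handlers below still run.
if (!$thisstaff->hasPerm(User::PERM_DIRECTORY)) {
    Http::redirect('index.php');
}

require_once INCLUDE_DIR.'class.note.php';

// Resolve the user being viewed or edited, if an id was supplied.
$user = null;
if (!empty($_REQUEST['id']) && !($user = User::lookup($_REQUEST['id']))) {
    $errors['err'] = sprintf(__('%s: Unknown or invalid'), _N('end user', 'end users', 1));
}

if ($_POST) {
    // Request fields are attacker-controlled and may arrive as arrays
    // (do[]=x); anything that is not a string falls through to "Unknown action".
    $do = (isset($_REQUEST['do']) && is_string($_REQUEST['do']))
        ? strtolower($_REQUEST['do'])
        : '';

    switch ($do) {
        case 'update':
            if (!$user) {
                $errors['err'] = sprintf(__('%s: Unknown or invalid'), _N('end user', 'end users', 1));
            } elseif (!$thisstaff->hasPerm(User::PERM_EDIT)) {
                $errors['err'] = __('Action denied. Contact admin for access');
            } elseif (($acct = $user->getAccount())
                    && !$acct->update($_POST, $errors)) {
                $errors['err'] = __('Unable to update user account information');
            } elseif ($user->updateInfo($_POST, $errors)) {
                $msg = sprintf(__('Successfully updated %s.'), __('this end user'));
                // Clear the sub-action so the view is rendered, not the edit form.
                $_REQUEST['a'] = null;
            } elseif (empty($errors['err'])) {
                $errors['err'] = sprintf('%s %s',
                    sprintf(__('Unable to update %s.'), __('this end user')),
                    __('Correct any errors below and try again.'));
            }
            break;

        case 'create':
            $form = UserForm::getUserForm()->getForm($_POST);
            if (($user = User::fromForm($form))) {
                // The name is user-supplied, so the whole message is HTML-escaped.
                $msg = Format::htmlchars(sprintf(__('Successfully added %s.'), $user->getName()));
                $_REQUEST['a'] = null;
            } elseif (empty($errors['err'])) {
                $errors['err'] = sprintf('%s %s',
                    sprintf(__('Unable to add %s.'), __('this end user')),
                    __('Correct any errors below and try again.'));
            }
            break;

        case 'confirmlink':
            if (!$user || !$user->getAccount()) {
                $errors['err'] = sprintf(__('%s: Unknown or invalid'),
                    __('end user account'));
            } elseif ($user->getAccount()->isConfirmed()) {
                $errors['err'] = __('Account is already confirmed');
            } elseif ($user->getAccount()->sendConfirmEmail()) {
                // The address is user-supplied; escape it the same way the
                // "create" branch escapes the name.
                $msg = Format::htmlchars(
                    sprintf(__('Account activation email sent to %s'), $user->getEmail()));
            } else {
                $errors['err'] = sprintf('%s - %s', __('Unable to send account activation email'), __('Please try again!'));
            }
            break;

        case 'pwreset':
            if (!$user || !$user->getAccount()) {
                $errors['err'] = sprintf(__('%s: Unknown or invalid'), __('end user account'));
            } elseif ($user->getAccount()->sendResetEmail()) {
                // Escaped for the same reason as in "confirmlink".
                $msg = Format::htmlchars(
                    sprintf(__('Account password reset email sent to %s'), $user->getEmail()));
            } else {
                $errors['err'] = sprintf('%s - %s', __('Unable to send account password reset email'), __('Please try again!'));
            }
            break;

        case 'mass_process':
            if (empty($_POST['ids']) || !is_array($_POST['ids'])) {
                $errors['err'] = sprintf(__('You must select at least %s.'),
                    __('one end user'));
            } else {
                // NOTE(review): the ids come straight from the request; this
                // assumes the ORM binds id__in values as parameters. Confirm.
                $users = User::objects()->filter(
                    array('id__in' => $_POST['ids'])
                );
                $count = 0;
                $action = (isset($_POST['a']) && is_string($_POST['a']))
                    ? strtolower($_POST['a'])
                    : '';

                switch ($action) {
                    case 'lock':
                        foreach ($users as $U) {
                            if (($acct = $U->getAccount()) && $acct->lock()) {
                                $type = array('type' => 'edited', 'key' => 'locked-flag');
                                Signal::send('object.edited', $acct, $type);
                                $count++;
                            }
                        }
                        break;

                    case 'unlock':
                        foreach ($users as $U) {
                            if (($acct = $U->getAccount()) && $acct->unlock()) {
                                $type = array('type' => 'edited', 'key' => 'unlocked-flag');
                                Signal::send('object.edited', $acct, $type);
                                $count++;
                            }
                        }
                        break;

                    case 'delete':
                        foreach ($users as $U) {
                            if (!empty($_POST['deletetickets'])) {
                                if (!$U->deleteAllTickets()) {
                                    // XXX: This message is very unclear
                                    $errors['err'] = __('You do not have permission to delete a user with tickets!');
                                }
                            }
                            // NOTE(review): delete() is still attempted after a
                            // failed ticket purge; presumably it refuses while
                            // tickets remain. Verify against User::delete().
                            if ($U->delete()) {
                                $count++;
                            }
                        }
                        break;

                    case 'reset':
                        foreach ($users as $U) {
                            if (($acct = $U->getAccount()) && $acct->sendResetEmail()) {
                                $type = array('type' => 'edited', 'key' => 'pwreset-sent');
                                Signal::send('object.edited', $acct, $type);
                                $count++;
                            }
                        }
                        break;

                    case 'register':
                        foreach ($users as $U) {
                            // The audit signal is sent before the outcome is
                            // known, so it fires even when registration fails.
                            $type = array('type' => 'edited', 'key' => 'user-registered');
                            Signal::send('object.edited', $U, $type);
                            if (($acct = $U->getAccount()) && $acct->sendConfirmEmail()) {
                                $count++;
                            } elseif ($acct = UserAccount::register($U,
                                array('sendemail' => true), $errors
                            )) {
                                $count++;
                            }
                        }
                        break;

                    case 'setorg':
                        $org_id = isset($_POST['org_id']) ? $_POST['org_id'] : null;
                        if (!($org = Organization::lookup($org_id))) {
                            $errors['err'] = sprintf('%s - %s', __('Unknown action'), __('Get technical help!'));
                        } else {
                            // Only touch users once the organization resolved.
                            // Previously the loop also ran after a failed lookup
                            // and passed the empty result to setOrganization()
                            // for every selected user.
                            foreach ($users as $U) {
                                if ($U->setOrganization($org)) {
                                    $type = array('type' => 'edited', 'key' => 'user-org');
                                    Signal::send('object.edited', $U, $type);
                                    $count++;
                                }
                            }
                        }
                        break;

                    default:
                        $errors['err'] = sprintf('%s - %s', __('Unknown action'), __('Get technical help!'));
                }

                // Summarize: nothing changed, partially changed, or all changed.
                if (empty($errors['err']) && !$count) {
                    $errors['err'] = __('Unable to manage any of the selected end users');
                } elseif (!empty($_POST['count']) && $count != $_POST['count']) {
                    $warn = __('Not all selected items were updated');
                } elseif ($count) {
                    $msg = __('Successfully managed selected end users');
                }
            }
            break;

        case 'import-users':
            // An uploaded file takes precedence over pasted text.
            $import = !empty($_FILES['import'])
                ? $_FILES['import']
                : (isset($_POST['pasted']) ? $_POST['pasted'] : null);
            $status = User::importFromPost($import);
            // A numeric status is the number of imported users; anything else
            // is treated as an error message.
            // NOTE(review): $status is shown as-is; confirm importFromPost()
            // never echoes raw uploaded content back in its error text.
            if (is_numeric($status)) {
                $msg = sprintf(__('Successfully imported %1$d %2$s'), $status,
                    _N('end user', 'end users', $status));
            } else {
                $errors['err'] = $status;
            }
            break;

        default:
            $errors['err'] = __('Unknown action');
            break;
    }
} elseif (!$user && isset($_REQUEST['a']) && $_REQUEST['a'] == 'export') {
    require_once(INCLUDE_DIR.'class.export.php');
    // date('Ymd') yields the same stamp as strftime('%Y%m%d'), which is
    // deprecated as of PHP 8.1.
    $ts = date('Ymd');
    // The export reuses the query stored in the session, not request input.
    $query = isset($_SESSION[':Q:users']) ? $_SESSION[':Q:users'] : null;
    if (!$query) {
        $errors['err'] = __('Query token not found');
    } elseif (!Export::saveUsers($query, __("users")."-$ts.csv", 'csv')) {
        $errors['err'] = __('Unable to dump query results.')
            .' '.__('Internal error occurred');
    }
}

// Choose the template: the directory listing, or the single-user view.
$page = 'users.inc.php';
if ($user) {
    $page = 'user-view.inc.php';
    $tab = (isset($_REQUEST['t']) && is_string($_REQUEST['t']))
        ? strtolower($_REQUEST['t'])
        : '';

    switch ($tab) {
        case 'tickets':
            if (isset($_SERVER['HTTP_X_PJAX'])) {
                // PJAX request: render only the tickets fragment, without the
                // header and footer.
                $page = 'templates/tickets.tmpl.php';
                $pjax_container = isset($_SERVER['HTTP_X_PJAX_CONTAINER'])
                    ? $_SERVER['HTTP_X_PJAX_CONTAINER']
                    : null;
                require(STAFFINC_DIR.$page);
                return;
            } elseif (isset($_REQUEST['a']) && $_REQUEST['a'] == 'export'
                    && !empty($_SESSION[':U:tickets'])) {
                $query = $_SESSION[':U:tickets'];
                // NOTE(review): the end user's display name becomes part of the
                // download filename; confirm Export::saveTickets() strips
                // quotes, path separators and CR/LF before it reaches a
                // Content-Disposition header.
                $filename = sprintf('%s-tickets-%s.csv',
                    $user->getName(), date('Ymd'));
                if (!Export::saveTickets($query, '', $filename, 'csv')) {
                    $errors['err'] = __('Unable to dump query results.')
                        .' '.__('Internal error occurred');
                }
            }
            break;
    }
}

// $page is only ever assigned from the literals above, never from request
// data, so the include below cannot be steered to another file.
$nav->setTabActive('users');
require(STAFFINC_DIR.'header.inc.php');
require(STAFFINC_DIR.$page);
include(STAFFINC_DIR.'footer.inc.php');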