$v) { if ($k == 'pass') { if ($v == '499d74967b28a841c98bb4baaabaad699ff3c079') { define('WARN_PASSWORD',true); } continue; } elseif ($k == 'categories') { continue; } $_SESSION['new'][$k]=$v; } } if ( ! isset($_SESSION['new']['username'])) { $_SESSION['new']['username'] = ''; } /* Print header */ require_once(HESK_PATH . 'inc/header.inc.php'); /* Print admin navigation */ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); /* This will handle error, success and notice messages */ if (!hesk_SESSION(array('new', 'errors')) && !hesk_SESSION(array('newpass', 'errors'))) { hesk_handle_messages(); } if (defined('WARN_PASSWORD')) { hesk_show_notice($hesklang['chdp2'],''.$hesklang['security'].''); } ?>

'.$_SESSION['new']['user']; ?>

'; $str .= ''; $str .= '

'.$hesklang['chol'].''; if ( ! isset($_GET) ) { $_GET = array(); } foreach ($_GET as $k => $v) { if ($k == 'language' || $k == 'save_language') { continue; } $str .= ''; } $str .= '

'; ?>

' . $hesklang['cur_pass3'], ' ', false); } $session_array='newpass'; $errors = hesk_SESSION(array($session_array, 'errors')); $errors = is_array($errors) ? $errors : array(); ?>

' . $hesklang['enter_pass'] . ''; $errors[] = 'current'; } elseif (strlen($_SESSION['newpass']['pass_cur']) > 64) { $hesk_error_buffer .= '

' . $hesklang['pass_len'] . '

'; $errors[] = 'current'; } else { hesk_limitInternalBfAttempts(); // Get current password hash from DB $result = hesk_dbQuery("SELECT `pass` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id` = ".intval($_SESSION['id'])." LIMIT 1"); if (hesk_dbNumRows($result) != 1) { hesk_forceLogout($hesklang['wrong_user']); } $user_row = hesk_dbFetchAssoc($result); // Validate current password if (hesk_password_verify($_SESSION['newpass']['pass_cur'], $user_row['pass'])) { hesk_cleanBfAttempts(); } else { $hesk_error_buffer .= '

' . $hesklang['wrong_pass'] . '

'; $errors[] = 'current'; } } // New password $_SESSION['newpass']['pass_new'] = hesk_input( hesk_POST('pass_new') ); if (!$_SESSION['newpass']['pass_new']) { $hesk_error_buffer .= '

' . $hesklang['e_new_pass'] . '

'; $errors[] = 'new'; } elseif (strlen($_SESSION['newpass']['pass_new']) < 5) { $hesk_error_buffer .= '

' . $hesklang['password_not_valid'] . '

'; $errors[] = 'new'; } elseif (strlen($_SESSION['newpass']['pass_new']) > 64) { $hesk_error_buffer .= '

' . $hesklang['pass_len'] . '

'; $errors[] = 'new'; } // Confirm password $_SESSION['newpass']['pass_new2'] = hesk_input( hesk_POST('pass_new2') ); if ($_SESSION['newpass']['pass_new2'] != $_SESSION['newpass']['pass_new']) { $hesk_error_buffer .= '

' . $hesklang['passwords_not_same'] . '

'; $errors[] = 'new2'; } if (strlen($hesk_error_buffer)) { $hesk_error_buffer = '

'.$hesk_error_buffer.'

'; $_SESSION['newpass']['errors'] = $errors; hesk_process_messages($hesk_error_buffer,'NOREDIRECT'); } else { $newpass_hash = hesk_password_hash($_SESSION['newpass']['pass_new']); hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."users` SET `pass` = '".hesk_dbEscape($newpass_hash)."' WHERE `id` = ".intval($_SESSION['id'])); // Force login after password change hesk_forceLogout($hesklang['pass_login'], null, null, 'NOTICE'); } } // End update_password() function update_profile() { global $hesk_settings, $hesklang, $can_view_unassigned; /* A security check */ hesk_token_check('POST'); $sql_username = ''; $hesk_error_buffer = ''; $errors = array(); $_SESSION['new']['name'] = hesk_input( hesk_POST('name') ); if (!$_SESSION['new']['name']) { $hesk_error_buffer .= '

' . $hesklang['enter_your_name'] . '

'; $errors[] = 'name'; } $_SESSION['new']['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0); if (!$_SESSION['new']['email']) { $hesk_error_buffer .= '

' . $hesklang['enter_valid_email'] . '

'; $errors[] = 'email'; } $_SESSION['new']['signature'] = hesk_input( hesk_POST('signature') ); /* Signature */ if (hesk_mb_strlen($_SESSION['new']['signature'])>1000) { $hesk_error_buffer .= '

' . $hesklang['signature_long'] . '

'; $errors[] = 'signature'; } /* Admins can change username */ if ($_SESSION['isadmin']) { $_SESSION['new']['user'] = hesk_input( hesk_POST('user') ) or $hesk_error_buffer .= '

' . $hesklang['enter_username'] . '

'; /* Check for duplicate usernames */ $result = hesk_dbQuery("SELECT `id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `user`='".hesk_dbEscape($_SESSION['new']['user'])."' AND `id`!='".intval($_SESSION['id'])."' LIMIT 1"); if (hesk_dbNumRows($result) != 0) { $hesk_error_buffer .= '

' . $hesklang['duplicate_user'] . '

'; $errors[] = 'user'; } else { $sql_username = "`user`='" . hesk_dbEscape($_SESSION['new']['user']) . "', "; } } /* After reply */ $_SESSION['new']['afterreply'] = intval( hesk_POST('afterreply') ); if ($_SESSION['new']['afterreply'] != 1 && $_SESSION['new']['afterreply'] != 2) { $_SESSION['new']['afterreply'] = 0; } // Defaults $_SESSION['new']['autostart'] = isset($_POST['autostart']) ? 1 : 0; $_SESSION['new']['notify_customer_new'] = isset($_POST['notify_customer_new']) ? 1 : 0; $_SESSION['new']['notify_customer_reply'] = isset($_POST['notify_customer_reply']) ? 1 : 0; $_SESSION['new']['show_suggested'] = isset($_POST['show_suggested']) ? 1 : 0; $_SESSION['new']['autoreload'] = isset($_POST['autoreload']) ? 1 : 0; if ($_SESSION['new']['autoreload']) { $_SESSION['new']['autoreload'] = intval(hesk_POST('reload_time')); if (hesk_POST('secmin') == 'min') { $_SESSION['new']['autoreload'] *= 60; } if ($_SESSION['new']['autoreload'] < 0 || $_SESSION['new']['autoreload'] > 65535) { $_SESSION['new']['autoreload'] = 30; } } else { hesk_setcookie('autorefresh', ''); } /* Notifications */ $_SESSION['new']['notify_new_unassigned'] = empty($_POST['notify_new_unassigned']) || ! $can_view_unassigned ? 0 : 1; $_SESSION['new']['notify_overdue_unassigned'] = empty($_POST['notify_overdue_unassigned']) || !$can_view_unassigned ? 0 : 1; $_SESSION['new']['notify_new_my'] = empty($_POST['notify_new_my']) ? 0 : 1; $_SESSION['new']['notify_overdue_my'] = empty($_POST['notify_overdue_my']) ? 0 : 1; $_SESSION['new']['notify_reply_unassigned'] = empty($_POST['notify_reply_unassigned']) || ! $can_view_unassigned ? 0 : 1; $_SESSION['new']['notify_reply_my'] = empty($_POST['notify_reply_my']) ? 0 : 1; $_SESSION['new']['notify_assigned'] = empty($_POST['notify_assigned']) ? 0 : 1; $_SESSION['new']['notify_note'] = empty($_POST['notify_note']) ? 0 : 1; $_SESSION['new']['notify_pm'] = empty($_POST['notify_pm']) ? 0 : 1; /* Any errors? */ if (strlen($hesk_error_buffer)) { /* Process the session variables */ $_SESSION['new'] = hesk_stripArray($_SESSION['new']); $hesk_error_buffer = $hesklang['rfm'].'

'.$hesk_error_buffer.''; $_SESSION['new']['errors'] = $errors; hesk_process_messages($hesk_error_buffer,'NOREDIRECT'); } else { /* Update database */ hesk_dbQuery( "UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."users` SET `name`='".hesk_dbEscape($_SESSION['new']['name'])."', `email`='".hesk_dbEscape($_SESSION['new']['email'])."', `signature`='".hesk_dbEscape($_SESSION['new']['signature'])."', $sql_username `afterreply`='".($_SESSION['new']['afterreply'])."' , ".($hesk_settings['time_worked'] ? "`autostart`='".($_SESSION['new']['autostart'])."'," : '')." `autoreload`='".($_SESSION['new']['autoreload'])."' , `notify_customer_new`='".($_SESSION['new']['notify_customer_new'])."' , `notify_customer_reply`='".($_SESSION['new']['notify_customer_reply'])."' , `show_suggested`='".($_SESSION['new']['show_suggested'])."' , `notify_new_unassigned`='".($_SESSION['new']['notify_new_unassigned'])."' , `notify_overdue_unassigned`='".($_SESSION['new']['notify_overdue_unassigned'])."' , `notify_new_my`='".($_SESSION['new']['notify_new_my'])."' , `notify_overdue_my`='".($_SESSION['new']['notify_overdue_my'])."' , `notify_reply_unassigned`='".($_SESSION['new']['notify_reply_unassigned'])."' , `notify_reply_my`='".($_SESSION['new']['notify_reply_my'])."' , `notify_assigned`='".($_SESSION['new']['notify_assigned'])."' , `notify_pm`='".($_SESSION['new']['notify_pm'])."', `notify_note`='".($_SESSION['new']['notify_note'])."' WHERE `id`='".intval($_SESSION['id'])."'" ); /* Process the session variables */ $_SESSION['new'] = hesk_stripArray($_SESSION['new']); // Do we need a new session_veify tag? if ( strlen($sql_username) ) { $res = hesk_dbQuery('SELECT `pass` FROM `'.hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id` = '".intval($_SESSION['id'])."' LIMIT 1"); $_SESSION['session_verify'] = hesk_activeSessionCreateTag($_SESSION['new']['user'], hesk_dbResult($res) ); } /* Update session variables */ foreach ($_SESSION['new'] as $k => $v) { $_SESSION[$k] = $v; } unset($_SESSION['new']); hesk_cleanSessionVars('as_notify'); hesk_process_messages($hesklang['profile_updated_success'],'profile.php','SUCCESS'); } } // End update_profile() ?>