home2/isose750/public_html/ajuda/admin/profile.php 0000644 00000053133 14673124735 0016004 0 ustar 00 $v)
{
if ($k == 'pass')
{
if ($v == '499d74967b28a841c98bb4baaabaad699ff3c079')
{
define('WARN_PASSWORD',true);
}
continue;
}
elseif ($k == 'categories')
{
continue;
}
$_SESSION['new'][$k]=$v;
}
}
if ( ! isset($_SESSION['new']['username']))
{
$_SESSION['new']['username'] = '';
}
/* Print header */
require_once(HESK_PATH . 'inc/header.inc.php');
/* Print admin navigation */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
/* This will handle error, success and notice messages */
if (!hesk_SESSION(array('new', 'errors')) && !hesk_SESSION(array('newpass', 'errors'))) {
hesk_handle_messages();
}
if (defined('WARN_PASSWORD'))
{
hesk_show_notice($hesklang['chdp2'],''.$hesklang['security'].'');
}
?>
>
';
$str .= '
';
$str .= '
';
?>
>
' . $hesklang['cur_pass3'], ' ', false);
}
$session_array='newpass';
$errors = hesk_SESSION(array($session_array, 'errors'));
$errors = is_array($errors) ? $errors : array();
?>
' . $hesklang['enter_pass'] . '';
$errors[] = 'current';
} elseif (strlen($_SESSION['newpass']['pass_cur']) > 64) {
$hesk_error_buffer .= '' . $hesklang['pass_len'] . '';
$errors[] = 'current';
} else {
hesk_limitInternalBfAttempts();
// Get current password hash from DB
$result = hesk_dbQuery("SELECT `pass` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id` = ".intval($_SESSION['id'])." LIMIT 1");
if (hesk_dbNumRows($result) != 1)
{
hesk_forceLogout($hesklang['wrong_user']);
}
$user_row = hesk_dbFetchAssoc($result);
// Validate current password
if (hesk_password_verify($_SESSION['newpass']['pass_cur'], $user_row['pass'])) {
hesk_cleanBfAttempts();
} else {
$hesk_error_buffer .= '' . $hesklang['wrong_pass'] . '';
$errors[] = 'current';
}
}
// New password
$_SESSION['newpass']['pass_new'] = hesk_input( hesk_POST('pass_new') );
if (!$_SESSION['newpass']['pass_new']) {
$hesk_error_buffer .= '' . $hesklang['e_new_pass'] . '';
$errors[] = 'new';
} elseif (strlen($_SESSION['newpass']['pass_new']) < 5) {
$hesk_error_buffer .= '' . $hesklang['password_not_valid'] . '';
$errors[] = 'new';
} elseif (strlen($_SESSION['newpass']['pass_new']) > 64) {
$hesk_error_buffer .= '' . $hesklang['pass_len'] . '';
$errors[] = 'new';
}
// Confirm password
$_SESSION['newpass']['pass_new2'] = hesk_input( hesk_POST('pass_new2') );
if ($_SESSION['newpass']['pass_new2'] != $_SESSION['newpass']['pass_new']) {
$hesk_error_buffer .= '' . $hesklang['passwords_not_same'] . '';
$errors[] = 'new2';
}
if (strlen($hesk_error_buffer))
{
$hesk_error_buffer = '';
$_SESSION['newpass']['errors'] = $errors;
hesk_process_messages($hesk_error_buffer,'NOREDIRECT');
}
else
{
$newpass_hash = hesk_password_hash($_SESSION['newpass']['pass_new']);
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."users` SET `pass` = '".hesk_dbEscape($newpass_hash)."' WHERE `id` = ".intval($_SESSION['id']));
// Force login after password change
hesk_forceLogout($hesklang['pass_login'], null, null, 'NOTICE');
}
} // End update_password()
function update_profile() {
global $hesk_settings, $hesklang, $can_view_unassigned;
/* A security check */
hesk_token_check('POST');
$sql_username = '';
$hesk_error_buffer = '';
$errors = array();
$_SESSION['new']['name'] = hesk_input( hesk_POST('name') );
if (!$_SESSION['new']['name']) {
$hesk_error_buffer .= '' . $hesklang['enter_your_name'] . '';
$errors[] = 'name';
}
$_SESSION['new']['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0);
if (!$_SESSION['new']['email']) {
$hesk_error_buffer .= '' . $hesklang['enter_valid_email'] . '';
$errors[] = 'email';
}
$_SESSION['new']['signature'] = hesk_input( hesk_POST('signature') );
/* Signature */
if (hesk_mb_strlen($_SESSION['new']['signature'])>1000)
{
$hesk_error_buffer .= '' . $hesklang['signature_long'] . '';
$errors[] = 'signature';
}
/* Admins can change username */
if ($_SESSION['isadmin'])
{
$_SESSION['new']['user'] = hesk_input( hesk_POST('user') ) or $hesk_error_buffer .= '' . $hesklang['enter_username'] . '';
/* Check for duplicate usernames */
$result = hesk_dbQuery("SELECT `id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `user`='".hesk_dbEscape($_SESSION['new']['user'])."' AND `id`!='".intval($_SESSION['id'])."' LIMIT 1");
if (hesk_dbNumRows($result) != 0)
{
$hesk_error_buffer .= '' . $hesklang['duplicate_user'] . '';
$errors[] = 'user';
}
else
{
$sql_username = "`user`='" . hesk_dbEscape($_SESSION['new']['user']) . "', ";
}
}
/* After reply */
$_SESSION['new']['afterreply'] = intval( hesk_POST('afterreply') );
if ($_SESSION['new']['afterreply'] != 1 && $_SESSION['new']['afterreply'] != 2)
{
$_SESSION['new']['afterreply'] = 0;
}
// Defaults
$_SESSION['new']['autostart'] = isset($_POST['autostart']) ? 1 : 0;
$_SESSION['new']['notify_customer_new'] = isset($_POST['notify_customer_new']) ? 1 : 0;
$_SESSION['new']['notify_customer_reply'] = isset($_POST['notify_customer_reply']) ? 1 : 0;
$_SESSION['new']['show_suggested'] = isset($_POST['show_suggested']) ? 1 : 0;
$_SESSION['new']['autoreload'] = isset($_POST['autoreload']) ? 1 : 0;
if ($_SESSION['new']['autoreload'])
{
$_SESSION['new']['autoreload'] = intval(hesk_POST('reload_time'));
if (hesk_POST('secmin') == 'min')
{
$_SESSION['new']['autoreload'] *= 60;
}
if ($_SESSION['new']['autoreload'] < 0 || $_SESSION['new']['autoreload'] > 65535)
{
$_SESSION['new']['autoreload'] = 30;
}
}
else
{
hesk_setcookie('autorefresh', '');
}
/* Notifications */
$_SESSION['new']['notify_new_unassigned'] = empty($_POST['notify_new_unassigned']) || ! $can_view_unassigned ? 0 : 1;
$_SESSION['new']['notify_overdue_unassigned'] = empty($_POST['notify_overdue_unassigned']) || !$can_view_unassigned ? 0 : 1;
$_SESSION['new']['notify_new_my'] = empty($_POST['notify_new_my']) ? 0 : 1;
$_SESSION['new']['notify_overdue_my'] = empty($_POST['notify_overdue_my']) ? 0 : 1;
$_SESSION['new']['notify_reply_unassigned'] = empty($_POST['notify_reply_unassigned']) || ! $can_view_unassigned ? 0 : 1;
$_SESSION['new']['notify_reply_my'] = empty($_POST['notify_reply_my']) ? 0 : 1;
$_SESSION['new']['notify_assigned'] = empty($_POST['notify_assigned']) ? 0 : 1;
$_SESSION['new']['notify_note'] = empty($_POST['notify_note']) ? 0 : 1;
$_SESSION['new']['notify_pm'] = empty($_POST['notify_pm']) ? 0 : 1;
/* Any errors? */
if (strlen($hesk_error_buffer))
{
/* Process the session variables */
$_SESSION['new'] = hesk_stripArray($_SESSION['new']);
$hesk_error_buffer = $hesklang['rfm'].'
';
$_SESSION['new']['errors'] = $errors;
hesk_process_messages($hesk_error_buffer,'NOREDIRECT');
}
else
{
/* Update database */
hesk_dbQuery(
"UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."users` SET
`name`='".hesk_dbEscape($_SESSION['new']['name'])."',
`email`='".hesk_dbEscape($_SESSION['new']['email'])."',
`signature`='".hesk_dbEscape($_SESSION['new']['signature'])."',
$sql_username
`afterreply`='".($_SESSION['new']['afterreply'])."' ,
".($hesk_settings['time_worked'] ? "`autostart`='".($_SESSION['new']['autostart'])."'," : '')."
`autoreload`='".($_SESSION['new']['autoreload'])."' ,
`notify_customer_new`='".($_SESSION['new']['notify_customer_new'])."' ,
`notify_customer_reply`='".($_SESSION['new']['notify_customer_reply'])."' ,
`show_suggested`='".($_SESSION['new']['show_suggested'])."' ,
`notify_new_unassigned`='".($_SESSION['new']['notify_new_unassigned'])."' ,
`notify_overdue_unassigned`='".($_SESSION['new']['notify_overdue_unassigned'])."' ,
`notify_new_my`='".($_SESSION['new']['notify_new_my'])."' ,
`notify_overdue_my`='".($_SESSION['new']['notify_overdue_my'])."' ,
`notify_reply_unassigned`='".($_SESSION['new']['notify_reply_unassigned'])."' ,
`notify_reply_my`='".($_SESSION['new']['notify_reply_my'])."' ,
`notify_assigned`='".($_SESSION['new']['notify_assigned'])."' ,
`notify_pm`='".($_SESSION['new']['notify_pm'])."',
`notify_note`='".($_SESSION['new']['notify_note'])."'
WHERE `id`='".intval($_SESSION['id'])."'"
);
/* Process the session variables */
$_SESSION['new'] = hesk_stripArray($_SESSION['new']);
// Do we need a new session_veify tag?
if ( strlen($sql_username) )
{
$res = hesk_dbQuery('SELECT `pass` FROM `'.hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id` = '".intval($_SESSION['id'])."' LIMIT 1");
$_SESSION['session_verify'] = hesk_activeSessionCreateTag($_SESSION['new']['user'], hesk_dbResult($res) );
}
/* Update session variables */
foreach ($_SESSION['new'] as $k => $v)
{
$_SESSION[$k] = $v;
}
unset($_SESSION['new']);
hesk_cleanSessionVars('as_notify');
hesk_process_messages($hesklang['profile_updated_success'],'profile.php','SUCCESS');
}
} // End update_profile()
?>