user_edit.php 51 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225
  1. <?php
  2. /*
  3. FusionPBX
  4. Version: MPL 1.1
  5. The contents of this file are subject to the Mozilla Public License Version
  6. 1.1 (the "License"); you may not use this file except in compliance with
  7. the License. You may obtain a copy of the License at
  8. http://www.mozilla.org/MPL/
  9. Software distributed under the License is distributed on an "AS IS" basis,
  10. WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
  11. for the specific language governing rights and limitations under the
  12. License.
  13. The Original Code is FusionPBX
  14. The Initial Developer of the Original Code is
  15. Mark J Crane <[email protected]>
  16. Portions created by the Initial Developer are Copyright (C) 2008-2023
  17. the Initial Developer. All Rights Reserved.
  18. Contributor(s):
  19. Mark J Crane <[email protected]>
  20. Luis Daniel Lucio Quiroz <[email protected]>
  21. */
  22. //includes files
  23. require_once dirname(__DIR__, 2) . "/resources/require.php";
  24. require_once "resources/check_auth.php";
  25. //add multi-lingual support
  26. $language = new text;
  27. $text = $language->get();
  28. //get user uuid
  29. if (!empty($_REQUEST["id"]) && ((is_uuid($_REQUEST["id"]) && permission_exists('user_edit')) || (is_uuid($_REQUEST["id"]) && $_REQUEST["id"] == $_SESSION['user_uuid']))) {
  30. $user_uuid = $_REQUEST["id"];
  31. $action = 'edit';
  32. }
  33. elseif (permission_exists('user_add') && !isset($_REQUEST["id"])) {
  34. $user_uuid = uuid();
  35. $action = 'add';
  36. }
  37. else {
  38. // load users own account
  39. header("Location: user_edit.php?id=".urlencode($_SESSION['user_uuid']));
  40. exit;
  41. }
  42. //get total user count from the database, check limit, if defined
  43. if (permission_exists('user_add') && $action == 'add' && !empty($_SESSION['limit']['users']['numeric'])) {
  44. $sql = "select count(*) ";
  45. $sql .= "from v_users ";
  46. $sql .= "where domain_uuid = :domain_uuid ";
  47. $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
  48. $database = new database;
  49. $num_rows = $database->select($sql, $parameters, 'column');
  50. unset($sql, $parameters);
  51. if ($num_rows >= $_SESSION['limit']['users']['numeric']) {
  52. message::add($text['message-maximum_users'].' '.$_SESSION['limit']['users']['numeric'], 'negative');
  53. header('Location: users.php');
  54. exit;
  55. }
  56. }
  57. //required to be a superadmin to update an account that is a member of the superadmin group
  58. if (permission_exists('user_edit') && $action == 'edit') {
  59. $superadmins = superadmin_list();
  60. if (if_superadmin($superadmins, $user_uuid)) {
  61. if (!if_group("superadmin")) {
  62. echo "access denied";
  63. exit;
  64. }
  65. }
  66. }
  67. //delete the group from the user
  68. if (!empty($_GET["a"]) && $_GET["a"] == "delete" && is_uuid($_GET["group_uuid"]) && is_uuid($user_uuid) && permission_exists("user_delete")) {
  69. //set the variables
  70. $group_uuid = $_GET["group_uuid"];
  71. //delete the group from the users
  72. $array['user_groups'][0]['group_uuid'] = $group_uuid;
  73. $array['user_groups'][0]['user_uuid'] = $user_uuid;
  74. $p = new permissions;
  75. $p->add('user_group_delete', 'temp');
  76. $database = new database;
  77. $database->app_name = 'users';
  78. $database->app_uuid = '112124b3-95c2-5352-7e9d-d14c0b88f207';
  79. $database->delete($array);
  80. unset($array);
  81. $p->delete('user_group_delete', 'temp');
  82. //redirect the user
  83. message::add($text['message-update']);
  84. header("Location: user_edit.php?id=".urlencode($user_uuid));
  85. exit;
  86. }
  87. //retrieve password requirements
  88. $required['length'] = $_SESSION['users']['password_length']['numeric'];
  89. $required['number'] = ($_SESSION['users']['password_number']['boolean'] == 'true') ? true : false;
  90. $required['lowercase'] = ($_SESSION['users']['password_lowercase']['boolean'] == 'true') ? true : false;
  91. $required['uppercase'] = ($_SESSION['users']['password_uppercase']['boolean'] == 'true') ? true : false;
  92. $required['special'] = ($_SESSION['users']['password_special']['boolean'] == 'true') ? true : false;
  93. //prepare the data
  94. if (!empty($_POST)) {
  95. //get the HTTP values and set as variables
  96. if (permission_exists('user_edit') && $action == 'edit') {
  97. $user_uuid = $_REQUEST["id"];
  98. $username_old = $_POST["username_old"];
  99. }
  100. $domain_uuid = $_POST["domain_uuid"];
  101. $username = $_POST["username"];
  102. $password = $_POST["password"];
  103. $password_confirm = $_POST["password_confirm"];
  104. $user_email = $_POST["user_email"];
  105. $user_status = $_POST["user_status"] ?? '';
  106. $user_language = $_POST["user_language"];
  107. $user_time_zone = $_POST["user_time_zone"];
  108. if (permission_exists('contact_edit') && $action == 'edit') {
  109. $contact_uuid = $_POST["contact_uuid"];
  110. }
  111. else if (permission_exists('contact_add') && $action == 'add') {
  112. $contact_organization = $_POST["contact_organization"];
  113. $contact_name_given = $_POST["contact_name_given"];
  114. $contact_name_family = $_POST["contact_name_family"];
  115. }
  116. $group_uuid_name = $_POST["group_uuid_name"];
  117. $user_enabled = $_POST["user_enabled"] ?? 'false';
  118. if (permission_exists('api_key')) {
  119. $api_key = $_POST["api_key"];
  120. }
  121. if (permission_exists('message_key')) {
  122. $message_key = $_POST["message_key"];
  123. }
  124. if (!empty($_SESSION['authentication']['methods']) && in_array('totp', $_SESSION['authentication']['methods'])) {
  125. $user_totp_secret = strtoupper($_POST["user_totp_secret"]);
  126. }
  127. //validate the token
  128. $token = new token;
  129. if (!$token->validate($_SERVER['PHP_SELF'])) {
  130. message::add($text['message-invalid_token'],'negative');
  131. header('Location: users.php');
  132. exit;
  133. }
  134. //check required values
  135. if (empty($username)) {
  136. $invalid[] = $text['label-username'];
  137. }
  138. //require a username format: any, email, no_email
  139. if (!empty($_SESSION['users']['username_format']['text']) && $_SESSION['users']['username_format']['text'] != 'any') {
  140. if (
  141. ($_SESSION['users']['username_format']['text'] == 'email' && !valid_email($username)) ||
  142. ($_SESSION['users']['username_format']['text'] == 'no_email' && valid_email($username))
  143. ) {
  144. message::add($text['message-username_format_invalid'], 'negative', 7500);
  145. }
  146. }
  147. //require unique globally or per domain
  148. if ((permission_exists('user_edit') && $action == 'edit' && $username != $username_old && !empty($username)) ||
  149. (permission_exists('user_add') && $action == 'add' && !empty($username))) {
  150. $sql = "select count(*) from v_users ";
  151. if (isset($_SESSION["users"]["unique"]["text"]) && $_SESSION["users"]["unique"]["text"] == "global") {
  152. $sql .= "where username = :username ";
  153. }
  154. else {
  155. $sql .= "where username = :username ";
  156. $sql .= "and domain_uuid = :domain_uuid ";
  157. $parameters['domain_uuid'] = $domain_uuid;
  158. }
  159. $parameters['username'] = $username;
  160. $database = new database;
  161. $num_rows = $database->select($sql, $parameters, 'column');
  162. if ($num_rows > 0) {
  163. message::add($text['message-username_exists'], 'negative', 7500);
  164. }
  165. unset($sql, $parameters);
  166. }
  167. //require the passwords to match
  168. if (!empty($password) && $password != $password_confirm) {
  169. message::add($text['message-password_mismatch'], 'negative', 7500);
  170. }
  171. //require passwords not allowed to be empty
  172. if (permission_exists('user_add') && $action == 'add') {
  173. if (empty($password)) {
  174. message::add($text['message-password_blank'], 'negative', 7500);
  175. }
  176. if (empty($group_uuid_name)) {
  177. $invalid[] = $text['label-group'];
  178. }
  179. }
  180. //require a value a valid email address format
  181. if (!valid_email($user_email)) {
  182. $invalid[] = $text['label-email'];
  183. }
  184. //require passwords with the defined required attributes: length, number, lower case, upper case, and special characters
  185. if (!empty($password)) {
  186. if (!empty($required['length']) && is_numeric($required['length']) && $required['length'] != 0) {
  187. if (strlen($password) < $required['length']) {
  188. $invalid[] = $text['label-characters'];
  189. }
  190. }
  191. if ($required['number']) {
  192. if (!preg_match('/(?=.*[\d])/', $password)) {
  193. $invalid[] = $text['label-numbers'];
  194. }
  195. }
  196. if ($required['lowercase']) {
  197. if (!preg_match('/(?=.*[a-z])/', $password)) {
  198. $invalid[] = $text['label-lowercase_letters'];
  199. }
  200. }
  201. if ($required['uppercase']) {
  202. if (!preg_match('/(?=.*[A-Z])/', $password)) {
  203. $invalid[] = $text['label-uppercase_letters'];
  204. }
  205. }
  206. if ($required['special']) {
  207. if (!preg_match('/(?=.*[\W])/', $password)) {
  208. $invalid[] = $text['label-special_characters'];
  209. }
  210. }
  211. }
  212. //return if error
  213. if (message::count() != 0 || !empty($invalid)) {
  214. if ($invalid) { message::add($text['message-required'].implode(', ', $invalid), 'negative', 7500); }
  215. persistent_form_values('store', $_POST);
  216. header("Location: user_edit.php".(permission_exists('user_edit') && $action != 'add' ? "?id=".urlencode($user_uuid) : null));
  217. exit;
  218. }
  219. else {
  220. persistent_form_values('clear');
  221. }
  222. //save the data
  223. $i = $n = $x = $c = 0; //set initial array indexes
  224. //check to see if user language is set
  225. $sql = "select user_setting_uuid, user_setting_value from v_user_settings ";
  226. $sql .= "where user_setting_category = 'domain' ";
  227. $sql .= "and user_setting_subcategory = 'language' ";
  228. $sql .= "and user_uuid = :user_uuid ";
  229. $parameters['user_uuid'] = $user_uuid;
  230. $database = new database;
  231. $row = $database->select($sql, $parameters, 'row');
  232. if (!empty($user_language) && (empty($row) || (!empty($row['user_setting_uuid']) && !is_uuid($row['user_setting_uuid'])))) {
  233. //add user setting to array for insert
  234. $array['user_settings'][$i]['user_setting_uuid'] = uuid();
  235. $array['user_settings'][$i]['user_uuid'] = $user_uuid;
  236. $array['user_settings'][$i]['domain_uuid'] = $domain_uuid;
  237. $array['user_settings'][$i]['user_setting_category'] = 'domain';
  238. $array['user_settings'][$i]['user_setting_subcategory'] = 'language';
  239. $array['user_settings'][$i]['user_setting_name'] = 'code';
  240. $array['user_settings'][$i]['user_setting_value'] = $user_language;
  241. $array['user_settings'][$i]['user_setting_enabled'] = 'true';
  242. $i++;
  243. }
  244. else {
  245. if (empty($row['user_setting_value']) || empty($user_language)) {
  246. $array_delete['user_settings'][0]['user_setting_category'] = 'domain';
  247. $array_delete['user_settings'][0]['user_setting_subcategory'] = 'language';
  248. $array_delete['user_settings'][0]['user_uuid'] = $user_uuid;
  249. $p = new permissions;
  250. $p->add('user_setting_delete', 'temp');
  251. $database = new database;
  252. $database->app_name = 'users';
  253. $database->app_uuid = '112124b3-95c2-5352-7e9d-d14c0b88f207';
  254. $database->delete($array_delete);
  255. unset($array_delete);
  256. $p->delete('user_setting_delete', 'temp');
  257. }
  258. if (!empty($user_language)) {
  259. //add user setting to array for update
  260. $array['user_settings'][$i]['user_setting_uuid'] = $row['user_setting_uuid'];
  261. $array['user_settings'][$i]['user_uuid'] = $user_uuid;
  262. $array['user_settings'][$i]['domain_uuid'] = $domain_uuid;
  263. $array['user_settings'][$i]['user_setting_category'] = 'domain';
  264. $array['user_settings'][$i]['user_setting_subcategory'] = 'language';
  265. $array['user_settings'][$i]['user_setting_name'] = 'code';
  266. $array['user_settings'][$i]['user_setting_value'] = $user_language;
  267. $array['user_settings'][$i]['user_setting_enabled'] = 'true';
  268. $i++;
  269. }
  270. }
  271. unset($sql, $parameters, $row);
  272. //check to see if user time zone is set
  273. $sql = "select user_setting_uuid, user_setting_value from v_user_settings ";
  274. $sql .= "where user_setting_category = 'domain' ";
  275. $sql .= "and user_setting_subcategory = 'time_zone' ";
  276. $sql .= "and user_uuid = :user_uuid ";
  277. $parameters['user_uuid'] = $user_uuid;
  278. $database = new database;
  279. $row = $database->select($sql, $parameters, 'row');
  280. if (!empty($user_time_zone) && (empty($row) || (!empty($row['user_setting_uuid']) && !is_uuid($row['user_setting_uuid'])))) {
  281. //add user setting to array for insert
  282. $array['user_settings'][$i]['user_setting_uuid'] = uuid();
  283. $array['user_settings'][$i]['user_uuid'] = $user_uuid;
  284. $array['user_settings'][$i]['domain_uuid'] = $domain_uuid;
  285. $array['user_settings'][$i]['user_setting_category'] = 'domain';
  286. $array['user_settings'][$i]['user_setting_subcategory'] = 'time_zone';
  287. $array['user_settings'][$i]['user_setting_name'] = 'name';
  288. $array['user_settings'][$i]['user_setting_value'] = $user_time_zone;
  289. $array['user_settings'][$i]['user_setting_enabled'] = 'true';
  290. $i++;
  291. }
  292. else {
  293. if (empty($row['user_setting_value']) || empty($user_time_zone)) {
  294. $array_delete['user_settings'][0]['user_setting_category'] = 'domain';
  295. $array_delete['user_settings'][0]['user_setting_subcategory'] = 'time_zone';
  296. $array_delete['user_settings'][0]['user_uuid'] = $user_uuid;
  297. $p = new permissions;
  298. $p->add('user_setting_delete', 'temp');
  299. $database = new database;
  300. $database->app_name = 'users';
  301. $database->app_uuid = '112124b3-95c2-5352-7e9d-d14c0b88f207';
  302. $database->delete($array_delete);
  303. unset($array_delete);
  304. $p->delete('user_setting_delete', 'temp');
  305. }
  306. if (!empty($user_time_zone)) {
  307. //add user setting to array for update
  308. $array['user_settings'][$i]['user_setting_uuid'] = $row['user_setting_uuid'];
  309. $array['user_settings'][$i]['user_uuid'] = $user_uuid;
  310. $array['user_settings'][$i]['domain_uuid'] = $domain_uuid;
  311. $array['user_settings'][$i]['user_setting_category'] = 'domain';
  312. $array['user_settings'][$i]['user_setting_subcategory'] = 'time_zone';
  313. $array['user_settings'][$i]['user_setting_name'] = 'name';
  314. $array['user_settings'][$i]['user_setting_value'] = $user_time_zone;
  315. $array['user_settings'][$i]['user_setting_enabled'] = 'true';
  316. $i++;
  317. }
  318. }
  319. unset($sql, $parameters, $row);
  320. //check to see if message key is set
  321. if (permission_exists('message_key')) {
  322. $sql = "select user_setting_uuid, user_setting_value from v_user_settings ";
  323. $sql .= "where user_setting_category = 'message' ";
  324. $sql .= "and user_setting_subcategory = 'key' ";
  325. $sql .= "and user_uuid = :user_uuid ";
  326. $parameters['user_uuid'] = $user_uuid;
  327. $database = new database;
  328. $row = $database->select($sql, $parameters, 'row');
  329. if (!empty($message_key) && (empty($row) || (!empty($row['user_setting_uuid']) && !is_uuid($row['user_setting_uuid'])))) {
  330. //add user setting to array for insert
  331. $array['user_settings'][$i]['user_setting_uuid'] = uuid();
  332. $array['user_settings'][$i]['user_uuid'] = $user_uuid;
  333. $array['user_settings'][$i]['domain_uuid'] = $domain_uuid;
  334. $array['user_settings'][$i]['user_setting_category'] = 'message';
  335. $array['user_settings'][$i]['user_setting_subcategory'] = 'key';
  336. $array['user_settings'][$i]['user_setting_name'] = 'text';
  337. $array['user_settings'][$i]['user_setting_value'] = $message_key;
  338. $array['user_settings'][$i]['user_setting_enabled'] = 'true';
  339. $i++;
  340. }
  341. else {
  342. if (empty($row['user_setting_value']) || empty($message_key)) {
  343. $array_delete['user_settings'][0]['user_setting_category'] = 'message';
  344. $array_delete['user_settings'][0]['user_setting_subcategory'] = 'key';
  345. $array_delete['user_settings'][0]['user_uuid'] = $user_uuid;
  346. $p = new permissions;
  347. $p->add('user_setting_delete', 'temp');
  348. $database = new database;
  349. $database->app_name = 'users';
  350. $database->app_uuid = '112124b3-95c2-5352-7e9d-d14c0b88f207';
  351. $database->delete($array_delete);
  352. unset($array_delete);
  353. $p->delete('user_setting_delete', 'temp');
  354. }
  355. if (!empty($message_key)) {
  356. //add user setting to array for update
  357. $array['user_settings'][$i]['user_setting_uuid'] = $row['user_setting_uuid'];
  358. $array['user_settings'][$i]['user_uuid'] = $user_uuid;
  359. $array['user_settings'][$i]['domain_uuid'] = $domain_uuid;
  360. $array['user_settings'][$i]['user_setting_category'] = 'message';
  361. $array['user_settings'][$i]['user_setting_subcategory'] = 'key';
  362. $array['user_settings'][$i]['user_setting_name'] = 'text';
  363. $array['user_settings'][$i]['user_setting_value'] = $message_key;
  364. $array['user_settings'][$i]['user_setting_enabled'] = 'true';
  365. $i++;
  366. }
  367. }
  368. }
  369. unset($sql, $parameters, $row);
  370. //assign the user to the group
  371. if ((permission_exists('user_add') || permission_exists('user_edit')) && !empty($_REQUEST["group_uuid_name"])) {
  372. $group_data = explode('|', $group_uuid_name);
  373. $group_uuid = $group_data[0];
  374. $group_name = $group_data[1];
  375. //compare the group level to only add groups at the same level or lower than the user
  376. $sql = "select * from v_groups ";
  377. $sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) ";
  378. $sql .= "and group_uuid = :group_uuid ";
  379. $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
  380. $parameters['group_uuid'] = $group_uuid;
  381. $database = new database;
  382. $row = $database->select($sql, $parameters, 'row');
  383. if ($row['group_level'] <= $_SESSION['user']['group_level']) {
  384. $array['user_groups'][$n]['user_group_uuid'] = uuid();
  385. $array['user_groups'][$n]['domain_uuid'] = $domain_uuid;
  386. $array['user_groups'][$n]['group_name'] = $group_name;
  387. $array['user_groups'][$n]['group_uuid'] = $group_uuid;
  388. $array['user_groups'][$n]['user_uuid'] = $user_uuid;
  389. $n++;
  390. }
  391. unset($parameters);
  392. }
  393. //update domain, if changed
  394. if ((permission_exists('user_add') || permission_exists('user_edit')) && permission_exists('user_domain')) {
  395. //adjust group user records
  396. $sql = "select user_group_uuid from v_user_groups ";
  397. $sql .= "where user_uuid = :user_uuid ";
  398. $parameters['user_uuid'] = $user_uuid;
  399. $database = new database;
  400. $result = $database->select($sql, $parameters, 'all');
  401. if (is_array($result)) {
  402. foreach ($result as $row) {
  403. //add group user to array for update
  404. $array['user_groups'][$n]['user_group_uuid'] = $row['user_group_uuid'];
  405. $array['user_groups'][$n]['domain_uuid'] = $domain_uuid;
  406. $n++;
  407. }
  408. }
  409. unset($sql, $parameters);
  410. //adjust user setting records
  411. $sql = "select user_setting_uuid from v_user_settings ";
  412. $sql .= "where user_uuid = :user_uuid ";
  413. $parameters['user_uuid'] = $user_uuid;
  414. $database = new database;
  415. $result = $database->select($sql, $parameters);
  416. if (is_array($result)) {
  417. foreach ($result as $row) {
  418. //add user setting to array for update
  419. $array['user_settings'][$i]['user_setting_uuid'] = $row['user_setting_uuid'];
  420. $array['user_settings'][$i]['domain_uuid'] = $domain_uuid;
  421. $i++;
  422. }
  423. }
  424. unset($sql, $parameters);
  425. //unassign any foreign domain groups
  426. $sql = "delete from v_user_groups ";
  427. $sql .= "where domain_uuid = :domain_uuid ";
  428. $sql .= "and user_uuid = :user_uuid ";
  429. $sql .= "and group_uuid not in (";
  430. $sql .= " select group_uuid from v_groups where domain_uuid = :domain_uuid or domain_uuid is null ";
  431. $sql .= ") ";
  432. $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
  433. $parameters['user_uuid'] = $user_uuid;
  434. $database = new database;
  435. $database->execute($sql, $parameters);
  436. unset($sql, $parameters);
  437. }
  438. //add contact to array for insert
  439. if ($action == 'add' && permission_exists('user_add') && permission_exists('contact_add')) {
  440. $contact_uuid = uuid();
  441. $array['contacts'][$c]['domain_uuid'] = $domain_uuid;
  442. $array['contacts'][$c]['contact_uuid'] = $contact_uuid;
  443. $array['contacts'][$c]['contact_type'] = 'user';
  444. $array['contacts'][$c]['contact_organization'] = $contact_organization;
  445. $array['contacts'][$c]['contact_name_given'] = $contact_name_given;
  446. $array['contacts'][$c]['contact_name_family'] = $contact_name_family;
  447. $array['contacts'][$c]['contact_nickname'] = $username;
  448. $c++;
  449. if (permission_exists('contact_email_add')) {
  450. $contact_email_uuid = uuid();
  451. $array['contact_emails'][$c]['contact_email_uuid'] = $contact_email_uuid;
  452. $array['contact_emails'][$c]['domain_uuid'] = $domain_uuid;
  453. $array['contact_emails'][$c]['contact_uuid'] = $contact_uuid;
  454. $array['contact_emails'][$c]['email_address'] = $user_email;
  455. $array['contact_emails'][$c]['email_primary'] = '1';
  456. $c++;
  457. }
  458. }
  459. //set the password hash cost
  460. $options = array('cost' => 10);
  461. //add user setting to array for update
  462. $array['users'][$x]['user_uuid'] = $user_uuid;
  463. $array['users'][$x]['domain_uuid'] = $domain_uuid;
  464. if (!empty($username) && (empty($username_old) || $username != $username_old)) {
  465. $array['users'][$x]['username'] = $username;
  466. }
  467. if (!empty($password) && $password == $password_confirm) {
  468. $array['users'][$x]['password'] = password_hash($password, PASSWORD_DEFAULT, $options);
  469. $array['users'][$x]['salt'] = null;
  470. }
  471. $array['users'][$x]['user_email'] = $user_email;
  472. $array['users'][$x]['user_status'] = $user_status;
  473. if (permission_exists('user_add') || permission_exists('user_edit')) {
  474. if (permission_exists('api_key')) {
  475. $array['users'][$x]['api_key'] = (!empty($api_key)) ? $api_key : null;
  476. }
  477. if (!empty($_SESSION['authentication']['methods']) && in_array('totp', $_SESSION['authentication']['methods'])) {
  478. $array['users'][$x]['user_totp_secret'] = $user_totp_secret;
  479. }
  480. $array['users'][$x]['user_enabled'] = $user_enabled;
  481. if (permission_exists('contact_add')) {
  482. $array['users'][$x]['contact_uuid'] = (!empty($contact_uuid)) ? $contact_uuid : null;
  483. }
  484. if ($action == 'add') {
  485. $array['users'][$x]['add_user'] = $_SESSION["user"]["username"];
  486. $array['users'][$x]['add_date'] = date("Y-m-d H:i:s.uO");
  487. }
  488. }
  489. $x++;
  490. //add the user_edit permission
  491. $p = new permissions;
  492. $p->add("user_setting_add", "temp");
  493. $p->add("user_setting_edit", "temp");
  494. $p->add("user_edit", "temp");
  495. $p->add('user_group_add', 'temp');
  496. //save the data
  497. $database = new database;
  498. $database->app_name = 'users';
  499. $database->app_uuid = '112124b3-95c2-5352-7e9d-d14c0b88f207';
  500. $database->save($array);
  501. //$message = $database->message;
  502. //remove the temporary permission
  503. $p->delete("user_setting_add", "temp");
  504. $p->delete("user_setting_edit", "temp");
  505. $p->delete("user_edit", "temp");
  506. $p->delete('user_group_add', 'temp');
  507. //if call center installed
  508. if ($action == 'edit' && permission_exists('user_edit') && file_exists($_SERVER["PROJECT_ROOT"]."/app/call_centers/app_config.php")) {
  509. //get the call center agent uuid
  510. $sql = "select call_center_agent_uuid from v_call_center_agents ";
  511. $sql .= "where domain_uuid = :domain_uuid ";
  512. $sql .= "and user_uuid = :user_uuid ";
  513. $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
  514. $parameters['user_uuid'] = $user_uuid;
  515. $database = new database;
  516. $call_center_agent_uuid = $database->select($sql, $parameters, 'column');
  517. unset($sql, $parameters);
  518. //update the user_status
  519. if (isset($call_center_agent_uuid) && is_uuid($call_center_agent_uuid) && !empty($user_status)) {
  520. $fp = event_socket_create($_SESSION['event_socket_ip_address'], $_SESSION['event_socket_port'], $_SESSION['event_socket_password']);
  521. $switch_cmd = "callcenter_config agent set status ".$call_center_agent_uuid." '".$user_status."'";
  522. $switch_result = event_socket_request($fp, 'api '.$switch_cmd);
  523. }
  524. //update the user state
  525. if (isset($call_center_agent_uuid) && is_uuid($call_center_agent_uuid)) {
  526. $fp = event_socket_create($_SESSION['event_socket_ip_address'], $_SESSION['event_socket_port'], $_SESSION['event_socket_password']);
  527. $cmd = "api callcenter_config agent set state ".$call_center_agent_uuid." Waiting";
  528. $response = event_socket_request($fp, $cmd);
  529. }
  530. }
  531. //response message
  532. if ($action == 'edit') {
  533. message::add($text['message-update'],'positive');
  534. }
  535. else {
  536. message::add($text['message-add'],'positive');
  537. }
  538. header("Location: user_edit.php?id=".urlencode($user_uuid));
  539. exit;
  540. }
  541. //populate form
  542. if (persistent_form_values('exists')) {
  543. //populate the form with values from session variable
  544. persistent_form_values('load');
  545. //clear, set $unsaved flag
  546. persistent_form_values('clear');
  547. }
  548. else {
  549. //populate the form with values from db
  550. if ($action == 'edit') {
  551. $sql = "select domain_uuid, user_uuid, username, user_email, api_key, user_totp_secret, ";
  552. $sql .= "user_enabled, contact_uuid, cast(user_enabled as text), user_status ";
  553. $sql .= "from v_users ";
  554. $sql .= "where user_uuid = :user_uuid ";
  555. if (!permission_exists('user_all')) {
  556. $sql .= "and domain_uuid = :domain_uuid ";
  557. $parameters['domain_uuid'] = $domain_uuid;
  558. }
  559. $parameters['user_uuid'] = $user_uuid;
  560. $database = new database;
  561. $row = $database->select($sql, $parameters, 'row');
  562. if (is_array($row) && sizeof($row) > 0) {
  563. $domain_uuid = $row["domain_uuid"];
  564. $user_uuid = $row["user_uuid"];
  565. $username = $row["username"];
  566. $user_email = $row["user_email"];
  567. $api_key = $row["api_key"];
  568. $user_totp_secret = $row["user_totp_secret"];
  569. $user_enabled = $row["user_enabled"];
  570. if (permission_exists('contact_view')) {
  571. $contact_uuid = $row["contact_uuid"];
  572. }
  573. $user_status = $row["user_status"];
  574. }
  575. else {
  576. message::add($text['message-invalid_user'], 'negative', 7500);
  577. header("Location: user_edit.php?id=".$_SESSION['user_uuid']);
  578. exit;
  579. }
  580. unset($sql, $parameters, $row);
  581. //get user settings
  582. $sql = "select * from v_user_settings ";
  583. $sql .= "where user_uuid = :user_uuid ";
  584. $sql .= "and user_setting_enabled = 'true' ";
  585. $parameters['user_uuid'] = $user_uuid;
  586. $database = new database;
  587. $result = $database->select($sql, $parameters, 'all');
  588. if (is_array($result)) {
  589. foreach($result as $row) {
  590. $name = $row['user_setting_name'];
  591. $category = $row['user_setting_category'];
  592. $subcategory = $row['user_setting_subcategory'];
  593. if (empty($subcategory)) {
  594. //$$category[$name] = $row['domain_setting_value'];
  595. $user_settings[$category][$name] = $row['user_setting_value'];
  596. }
  597. else {
  598. $user_settings[$category][$subcategory][$name] = $row['user_setting_value'];
  599. }
  600. }
  601. }
  602. unset($sql, $parameters, $result, $row);
  603. }
  604. }
  605. //set the defaults
  606. if (empty($user_enabled)) { $user_enabled = "true"; }
  607. //create token
  608. $object = new token;
  609. $token = $object->create($_SERVER['PHP_SELF']);
  610. //include the header
  611. require_once "resources/header.php";
  612. $document['title'] = $text['title-user_edit'];
  613. //show the content
  614. echo "<script>\n";
  615. echo " function compare_passwords() {\n";
  616. echo " if (document.getElementById('password') === document.activeElement || document.getElementById('password_confirm') === document.activeElement) {\n";
  617. echo " if ($('#password').val() != '' || $('#password_confirm').val() != '') {\n";
  618. echo " if ($('#password').val() != $('#password_confirm').val()) {\n";
  619. echo " $('#password').removeClass('formfld_highlight_good');\n";
  620. echo " $('#password_confirm').removeClass('formfld_highlight_good');\n";
  621. echo " $('#password').addClass('formfld_highlight_bad');\n";
  622. echo " $('#password_confirm').addClass('formfld_highlight_bad');\n";
  623. echo " }\n";
  624. echo " else {\n";
  625. echo " $('#password').removeClass('formfld_highlight_bad');\n";
  626. echo " $('#password_confirm').removeClass('formfld_highlight_bad');\n";
  627. echo " $('#password').addClass('formfld_highlight_good');\n";
  628. echo " $('#password_confirm').addClass('formfld_highlight_good');\n";
  629. echo " }\n";
  630. echo " }\n";
  631. echo " }\n";
  632. echo " else {\n";
  633. echo " $('#password').removeClass('formfld_highlight_bad');\n";
  634. echo " $('#password_confirm').removeClass('formfld_highlight_bad');\n";
  635. echo " $('#password').removeClass('formfld_highlight_good');\n";
  636. echo " $('#password_confirm').removeClass('formfld_highlight_good');\n";
  637. echo " }\n";
  638. echo " }\n";
  639. echo " function show_strength_meter() {\n";
  640. echo " $('#pwstrength_progress').slideDown();\n";
  641. echo " }\n";
  642. echo "</script>\n";
  643. echo "<form name='frm' id='frm' method='post'>\n";
  644. echo "<div class='action_bar' id='action_bar'>\n";
  645. echo " <div class='heading'><b>".$text['header-user_edit']."</b></div>\n";
  646. echo " <div class='actions'>\n";
  647. if (!empty($unsaved)) {
  648. echo "<div class='unsaved'>".$text['message-unsaved_changes']." <i class='fas fa-exclamation-triangle'></i></div>";
  649. }
  650. if (permission_exists('user_add') || permission_exists('user_edit')) {
  651. echo button::create(['type'=>'button','label'=>$text['button-back'],'icon'=>$_SESSION['theme']['button_icon_back'],'id'=>'btn_back','link'=>'users.php']);
  652. }
  653. $button_margin = 'margin-left: 15px;';
  654. if (permission_exists('ticket_add') || permission_exists('ticket_edit')) {
  655. echo button::create(['type'=>'button','label'=>$text['button-tickets'],'icon'=>'tags','style'=>$button_margin,'link'=>PROJECT_PATH.'/app/tickets/tickets.php?user_uuid='.urlencode($user_uuid)]);
  656. unset($button_margin);
  657. }
  658. if (permission_exists('user_permissions') && file_exists('../../app/user_permissions/user_permissions.php')) {
  659. echo button::create(['type'=>'button','label'=>$text['button-permissions'],'icon'=>'key','style'=>$button_margin,'link'=>PROJECT_PATH.'/app/user_permissions/user_permissions.php?id='.urlencode($user_uuid)]);
  660. unset($button_margin);
  661. }
  662. echo button::create(['type'=>'button','label'=>$text['button-save'],'icon'=>$_SESSION['theme']['button_icon_save'],'id'=>'btn_save','style'=>'margin-left: 15px;','onclick'=>'submit_form();']);
  663. echo " </div>\n";
  664. echo " <div style='clear: both;'></div>\n";
  665. echo "</div>\n";
  666. echo $text['description-user_edit']."\n";
  667. echo "<br /><br />\n";
  668. echo "<table cellpadding='0' cellspacing='0' border='0' width='100%'>";
  669. echo " <tr>";
  670. echo " <td width='30%' class='vncellreq' valign='top'>".$text['label-username']."</td>";
  671. echo " <td width='70%' class='vtable'>";
  672. if (permission_exists("user_edit")) {
  673. echo " <input type='text' class='formfld' name='username' id='username' autocomplete='new-password' value='".escape($username ?? '')."' required='required'>\n";
  674. echo " <input type='text' style='display: none;' disabled='disabled'>\n"; //help defeat browser auto-fill
  675. }
  676. else {
  677. echo " ".escape($username)."\n";
  678. echo " <input type='hidden' name='username' id='username' autocomplete='new-password' value='".escape($username ?? '')."'>\n";
  679. }
  680. echo " </td>";
  681. echo " </tr>";
  682. echo " <tr>";
  683. echo " <td class='vncell".(($action == 'add') ? 'req' : null)."' valign='top'>".$text['label-password']."</td>";
  684. echo " <td class='vtable'>";
  685. echo " <input type='password' style='display: none;' disabled='disabled'>"; //help defeat browser auto-fill
  686. echo " <input type='password' autocomplete='new-password' class='formfld' name='password' id='password' value=\"".escape($password ?? null)."\" ".($action == 'add' ? "required='required'" : null)." onkeypress='show_strength_meter();' onfocus='compare_passwords();' onkeyup='compare_passwords();' onblur='compare_passwords();'>";
  687. echo " <div id='pwstrength_progress' class='pwstrength_progress'></div><br />\n";
  688. if ((!empty($required['length']) && is_numeric($required['length']) && $required['length'] != 0) || $required['number'] || $required['lowercase'] || $required['uppercase'] || $required['special']) {
  689. echo $text['label-required'].': ';
  690. if (is_numeric($required['length']) && $required['length'] != 0) {
  691. echo $required['length']." ".$text['label-characters'];
  692. if ($required['number'] || $required['lowercase'] || $required['uppercase'] || $required['special']) {
  693. echo " (";
  694. }
  695. }
  696. if ($required['number']) {
  697. $required_temp[] = $text['label-number'];
  698. }
  699. if ($required['lowercase']) {
  700. $required_temp[] = $text['label-lowercase'];
  701. }
  702. if ($required['uppercase']) {
  703. $required_temp[] = $text['label-uppercase'];
  704. }
  705. if ($required['special']) {
  706. $required_temp[] = $text['label-special'];
  707. }
  708. if (!empty($required_temp)) {
  709. echo implode(', ',$required_temp);
  710. if (is_numeric($required['length']) && $required['length'] != 0) {
  711. echo ")";
  712. }
  713. }
  714. unset($required_temp);
  715. }
  716. echo " </td>";
  717. echo " </tr>";
  718. echo " <tr>";
  719. echo " <td class='vncell".(($action == 'add') ? 'req' : null)."' valign='top'>".$text['label-confirm_password']."</td>";
  720. echo " <td class='vtable'>";
  721. echo " <input type='password' autocomplete='new-password' class='formfld' name='password_confirm' id='password_confirm' value=\"".escape($password_confirm ?? null)."\" ".($action == 'add' ? "required='required'" : null)." onfocus='compare_passwords();' onkeyup='compare_passwords();' onblur='compare_passwords();'><br />\n";
  722. echo " ".$text['message-green_border_passwords_match']."\n";
  723. echo " </td>";
  724. echo " </tr>";
  725. echo " <tr>";
  726. echo " <td class='vncellreq'>".$text['label-email']."</td>";
  727. echo " <td class='vtable'><input type='text' class='formfld' name='user_email' value='".escape($user_email ?? '')."' required='required'></td>";
  728. echo " </tr>";
  729. echo " <tr>\n";
  730. echo " <td width='20%' class=\"vncell\" valign='top'>\n";
  731. echo " ".$text['label-user_language']."\n";
  732. echo " </td>\n";
  733. echo " <td class=\"vtable\" align='left'>\n";
  734. echo " <select id='user_language' name='user_language' class='formfld' style=''>\n";
  735. echo " <option value=''></option>\n";
  736. //get all language codes from database
  737. $sql = "select * from v_languages order by language asc ";
  738. $database = new database;
  739. $languages = $database->select($sql, null, 'all');
  740. if (!empty($languages) && is_array($languages) && sizeof($languages) != 0) {
  741. foreach ($languages as $row) {
  742. $language_codes[$row["code"]] = $row["language"];
  743. }
  744. }
  745. unset($sql, $languages, $row);
  746. if (is_array($_SESSION['app']['languages']) && sizeof($_SESSION['app']['languages']) != 0) {
  747. foreach ($_SESSION['app']['languages'] as $code) {
  748. $selected = (isset($user_language) && $code == $user_language) || (isset($user_settings['domain']['language']['code']) && $code == $user_settings['domain']['language']['code']) ? "selected='selected'" : null;
  749. echo " <option value='".$code."' ".$selected.">".escape($language_codes[$code] ?? null)." [".escape($code ?? null)."]</option>\n";
  750. }
  751. }
  752. echo " </select>\n";
  753. echo " <br />\n";
  754. echo " ".$text['description-user_language']."<br />\n";
  755. echo " </td>\n";
  756. echo " </tr>\n";
  757. echo " <tr>\n";
  758. echo " <td width='20%' class=\"vncell\" valign='top'>\n";
  759. echo " ".$text['label-time_zone']."\n";
  760. echo " </td>\n";
  761. echo " <td class=\"vtable\" align='left'>\n";
  762. echo " <select id='user_time_zone' name='user_time_zone' class='formfld' style=''>\n";
  763. echo " <option value=''></option>\n";
  764. //$list = DateTimeZone::listAbbreviations();
  765. $time_zone_identifiers = DateTimeZone::listIdentifiers();
  766. $previous_category = '';
  767. $x = 0;
  768. foreach ($time_zone_identifiers as $key => $row) {
  769. $time_zone = explode("/", $row);
  770. $category = $time_zone[0];
  771. if ($category != $previous_category) {
  772. if ($x > 0) {
  773. echo " </optgroup>\n";
  774. }
  775. echo " <optgroup label='".$category."'>\n";
  776. }
  777. $selected = (isset($user_time_zone) && $row == $user_time_zone) || (!empty($user_settings['domain']['time_zone']) && $row == $user_settings['domain']['time_zone']['name']) ? "selected='selected'" : null;
  778. echo " <option value='".escape($row)."' ".$selected.">".escape($row)."</option>\n";
  779. $previous_category = $category;
  780. $x++;
  781. }
  782. echo " </select>\n";
  783. echo " <br />\n";
  784. echo " ".$text['description-time_zone']."<br />\n";
  785. echo " </td>\n";
  786. echo " </tr>\n";
  787. if (isset($_SESSION['user_status_display']) && $_SESSION['user_status_display'] != "false") {
  788. echo " <tr>\n";
  789. echo " <td width='20%' class=\"vncell\" valign='top'>\n";
  790. echo " ".$text['label-status']."\n";
  791. echo " </td>\n";
  792. echo " <td class=\"vtable\">\n";
  793. $cmd = "'".PROJECT_PATH."/app/calls_active/v_calls_exec.php?cmd=callcenter_config+agent+set+status+".escape($username)."@".$_SESSION['domains'][$domain_uuid]['domain_name']."+'+this.value";
  794. echo " <select id='user_status' name='user_status' class='formfld' style='' onchange=\"send_cmd($cmd);\">\n";
  795. echo " <option value=''></option>\n";
  796. echo " <option value='Available' ".(($user_status == "Available") ? "selected='selected'" : null).">".$text['option-available']."</option>\n";
  797. echo " <option value='Available (On Demand)' ".(($user_status == "Available (On Demand)") ? "selected='selected'" : null).">".$text['option-available_on_demand']."</option>\n";
  798. echo " <option value='Logged Out' ".(($user_status == "Logged Out") ? "selected='selected'" : null).">".$text['option-logged_out']."</option>\n";
  799. echo " <option value='On Break' ".(($user_status == "On Break") ? "selected='selected'" : null).">".$text['option-on_break']."</option>\n";
  800. echo " <option value='Do Not Disturb' ".(($user_status == "Do Not Disturb") ? "selected='selected'" : null).">".$text['option-do_not_disturb']."</option>\n";
  801. echo " </select>\n";
  802. echo " <br />\n";
  803. echo " ".$text['description-status']."<br />\n";
  804. echo " </td>\n";
  805. echo " </tr>\n";
  806. }
  807. if ($action == 'edit' && permission_exists("user_edit") && permission_exists('contact_edit')) {
  808. echo " <tr>";
  809. echo " <td class='vncell' valign='top'>".$text['label-contact']."</td>";
  810. echo " <td class='vtable'>\n";
  811. $sql = "select ";
  812. $sql .= "c.contact_uuid, ";
  813. $sql .= "c.contact_organization, ";
  814. $sql .= "c.contact_name_given, ";
  815. $sql .= "c.contact_name_family, ";
  816. $sql .= "c.contact_nickname ";
  817. $sql .= "from ";
  818. $sql .= "v_contacts as c ";
  819. $sql .= "where ";
  820. $sql .= "c.domain_uuid = :domain_uuid ";
  821. $sql .= "and not exists ( ";
  822. $sql .= " select ";
  823. $sql .= " contact_uuid ";
  824. $sql .= " from ";
  825. $sql .= " v_users as u ";
  826. $sql .= " where ";
  827. $sql .= " u.domain_uuid = :domain_uuid ";
  828. if (is_uuid($contact_uuid)) { //don't exclude currently assigned contact
  829. $sql .= "and u.contact_uuid <> :contact_uuid ";
  830. $parameters['contact_uuid'] = $contact_uuid;
  831. }
  832. $sql .= " and u.contact_uuid = c.contact_uuid ";
  833. $sql .= ") ";
  834. $sql .= "order by ";
  835. $sql .= "lower(c.contact_organization) asc, ";
  836. $sql .= "lower(c.contact_name_family) asc, ";
  837. $sql .= "lower(c.contact_name_given) asc, ";
  838. $sql .= "lower(c.contact_nickname) asc ";
  839. $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
  840. $database = new database;
  841. $contacts = $database->select($sql, $parameters, 'all');
  842. unset($parameters);
  843. echo "<select name=\"contact_uuid\" id=\"contact_uuid\" class=\"formfld\">\n";
  844. echo "<option value=\"\"></option>\n";
  845. foreach($contacts as $row) {
  846. $contact_name = array();
  847. if (!empty($row['contact_organization'])) { $contact_name[] = $row['contact_organization']; }
  848. if (!empty($row['contact_name_family'])) { $contact_name[] = $row['contact_name_family']; }
  849. if (!empty($row['contact_name_given'])) { $contact_name[] = $row['contact_name_given']; }
  850. if (!empty($row['contact_name_family']) && empty($row['contact_name_family']) && !empty($row['contact_nickname'])) { $contact_name[] = $row['contact_nickname']; }
  851. echo "<option value='".escape($row['contact_uuid'])."' ".(($row['contact_uuid'] == $contact_uuid) ? "selected='selected'" : null).">".escape(implode(', ', $contact_name))."</option>\n";
  852. }
  853. unset($sql, $row_count);
  854. echo "</select>\n";
  855. echo "<br />\n";
  856. echo $text['description-contact']."\n";
  857. if (!empty($contact_uuid)) {
  858. echo " <a href=\"".PROJECT_PATH."/app/contacts/contact_edit.php?id=".urlencode($contact_uuid)."\">".$text['description-contact_view']."</a>\n";
  859. }
  860. echo " </td>";
  861. echo " </tr>";
  862. }
  863. elseif ($action == 'add' && permission_exists("user_add") && permission_exists('contact_add')) {
  864. echo " <tr>";
  865. echo " <td class='vncell'>".$text['label-first_name']."</td>";
  866. echo " <td class='vtable'><input type='text' class='formfld' name='contact_name_given' value='".escape($contact_name_given ?? '')."'></td>";
  867. echo " </tr>";
  868. echo " <tr>";
  869. echo " <td class='vncell'>".$text['label-last_name']."</td>";
  870. echo " <td class='vtable'><input type='text' class='formfld' name='contact_name_family' value='".escape($contact_name_family ?? '')."'></td>";
  871. echo " </tr>";
  872. echo " <tr>";
  873. echo " <td class='vncell'>".$text['label-organization']."</td>";
  874. echo " <td class='vtable'><input type='text' class='formfld' name='contact_organization' value='".escape($contact_organization ?? '')."'></td>";
  875. echo " </tr>";
  876. }
  877. if (permission_exists("user_groups")) {
  878. echo " <tr>";
  879. echo " <td class='vncellreq' valign='top'>".$text['label-groups']."</td>";
  880. echo " <td class='vtable'>";
  881. $sql = "select ";
  882. $sql .= " ug.*, g.domain_uuid as group_domain_uuid ";
  883. $sql .= "from ";
  884. $sql .= " v_user_groups as ug, ";
  885. $sql .= " v_groups as g ";
  886. $sql .= "where ";
  887. $sql .= " ug.group_uuid = g.group_uuid ";
  888. $sql .= " and (";
  889. $sql .= " g.domain_uuid = :domain_uuid ";
  890. $sql .= " or g.domain_uuid is null ";
  891. $sql .= " ) ";
  892. $sql .= " and ug.domain_uuid = :domain_uuid ";
  893. $sql .= " and ug.user_uuid = :user_uuid ";
  894. $sql .= "order by ";
  895. $sql .= " g.domain_uuid desc, ";
  896. $sql .= " g.group_name asc ";
  897. $parameters['domain_uuid'] = $domain_uuid;
  898. $parameters['user_uuid'] = $user_uuid;
  899. $database = new database;
  900. $user_groups = $database->select($sql, $parameters, 'all');
  901. if (is_array($user_groups)) {
  902. echo "<table cellpadding='0' cellspacing='0' border='0'>\n";
  903. foreach($user_groups as $field) {
  904. if (!empty($field['group_name'])) {
  905. echo "<tr>\n";
  906. echo " <td class='vtable' style='white-space: nowrap; padding-right: 30px;' nowrap='nowrap'>";
  907. echo escape($field['group_name']).((!empty($field['group_domain_uuid'])) ? "@".$_SESSION['domains'][$field['group_domain_uuid']]['domain_name'] : null);
  908. echo " </td>\n";
  909. if (permission_exists('user_group_delete') || if_group("superadmin")) {
  910. echo " <td class='list_control_icons' style='width: 25px;'>\n";
  911. echo " <a href='user_edit.php?id=".urlencode($user_uuid)."&domain_uuid=".urlencode($domain_uuid)."&group_uuid=".urlencode($field['group_uuid'])."&a=delete' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">".$v_link_label_delete."</a>\n";
  912. echo " </td>\n";
  913. }
  914. echo "</tr>\n";
  915. if (is_uuid($field['group_uuid'])) {
  916. $assigned_groups[] = $field['group_uuid'];
  917. }
  918. }
  919. }
  920. echo "</table>\n";
  921. }
  922. unset($sql, $parameters, $user_groups, $field);
  923. $sql = "select * from v_groups ";
  924. $sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) ";
  925. if (!empty($assigned_groups) && is_array($assigned_groups) && sizeof($assigned_groups) > 0) {
  926. $sql .= "and group_uuid not in ('".implode("','",$assigned_groups)."') ";
  927. }
  928. $sql .= "order by domain_uuid desc, group_name asc ";
  929. $parameters['domain_uuid'] = $domain_uuid;
  930. $database = new database;
  931. $groups = $database->select($sql, $parameters, 'all');
  932. if (is_array($groups)) {
  933. if (isset($assigned_groups)) { echo "<br />\n"; }
  934. echo "<select name='group_uuid_name' class='formfld' style='width: auto; margin-right: 3px;' ".($action == 'add' ? "required='required'" : null).">\n";
  935. echo " <option value=''></option>\n";
  936. foreach($groups as $field) {
  937. if ($field['group_level'] <= $_SESSION['user']['group_level']) {
  938. if (!isset($assigned_groups) || (isset($assigned_groups) && !in_array($field["group_uuid"], $assigned_groups))) {
  939. if (isset($group_uuid_name) && $group_uuid_name == $field['group_uuid']."|".$field['group_name']) { $selected = "selected='selected'"; } else { $selected = ''; }
  940. echo " <option value='".$field['group_uuid']."|".$field['group_name']."' $selected>".$field['group_name'].((!empty($field['domain_uuid'])) ? "@".$_SESSION['domains'][$field['domain_uuid']]['domain_name'] : null)."</option>\n";
  941. }
  942. }
  943. }
  944. echo "</select>";
  945. if ($action == 'edit') {
  946. echo button::create(['type'=>'button','label'=>$text['button-add'],'icon'=>$_SESSION['theme']['button_icon_add'],'onclick'=>'submit_form();']);
  947. }
  948. }
  949. unset($sql, $parameters, $groups, $field);
  950. echo " </td>";
  951. echo " </tr>";
  952. }
  953. if (permission_exists('user_domain')) {
  954. echo "<tr>\n";
  955. echo "<td class='vncell' valign='top' align='left' nowrap='nowrap'>\n";
  956. echo " ".$text['label-domain']."\n";
  957. echo "</td>\n";
  958. echo "<td class='vtable' align='left'>\n";
  959. echo " <select class='formfld' name='domain_uuid'>\n";
  960. foreach ($_SESSION['domains'] as $row) {
  961. echo " <option value='".escape($row['domain_uuid'])."' ".(($row['domain_uuid'] == $domain_uuid) ? "selected='selected'" : null).">".escape($row['domain_name'])."</option>\n";
  962. }
  963. echo " </select>\n";
  964. echo "<br />\n";
  965. echo $text['description-domain_name']."\n";
  966. echo "</td>\n";
  967. echo "</tr>\n";
  968. }
  969. else {
  970. echo "<input type='hidden' name='domain_uuid' value='".escape($domain_uuid)."'>";
  971. }
  972. if (permission_exists('api_key')) {
  973. echo " <tr>";
  974. echo " <td class='vncell' valign='top'>".$text['label-api_key']."</td>";
  975. echo " <td class='vtable'>\n";
  976. echo " <input type='text' class='formfld' style='width: 250px; display: none;' name='api_key' id='api_key' value=\"".escape($api_key ?? '')."\" >";
  977. if (empty($api_key)) {
  978. //generate api key
  979. echo button::create(['type'=>'button',
  980. 'label'=>$text['button-generate'],
  981. 'icon'=>'key',
  982. 'onclick'=>"document.getElementById('api_key').value = '".generate_password(32,3)."';
  983. document.getElementById('frm').submit();"]);
  984. }
  985. else {
  986. //view the api key
  987. echo button::create(['type'=>'button',
  988. 'label'=>$text['button-view'],
  989. 'id'=>'button-api_key_view',
  990. 'icon'=>'key',
  991. 'onclick'=>"document.getElementById ('button-api_key_view').style.display = 'none';
  992. document.getElementById('api_key').style.display = 'inline';
  993. document.getElementById('button-api_key_hide').style.display = 'inline';
  994. document.getElementById('button-api_key_view').style.display = 'none';"]);
  995. echo button::create(['type'=>'button',
  996. 'label'=>$text['button-hide'],
  997. 'id'=>'button-api_key_hide',
  998. 'icon'=>'key',
  999. 'style'=>'display: none;',
  1000. 'onclick'=>"document.getElementById('api_key').style.display = 'none';
  1001. document.getElementById('button-api_key_hide').style.display = 'none';
  1002. document.getElementById('button-api_key_view').style.display = 'inline';"]);
  1003. }
  1004. if (!empty($text['description-api_key'])) {
  1005. echo " <br />".$text['description-api_key']."<br />\n";
  1006. }
  1007. echo " </td>";
  1008. echo " </tr>";
  1009. }
  1010. //user time based one time password secret
  1011. if (!empty($_SESSION['authentication']['methods']) && in_array('totp', $_SESSION['authentication']['methods'])) {
  1012. if (!empty($user_totp_secret) && !empty($username)) {
  1013. $otpauth = "otpauth://totp/".$username."?secret=".$user_totp_secret."&issuer=".$_SESSION['domain_name'];
  1014. require_once 'resources/qr_code/QRErrorCorrectLevel.php';
  1015. require_once 'resources/qr_code/QRCode.php';
  1016. require_once 'resources/qr_code/QRCodeImage.php';
  1017. try {
  1018. $code = new QRCode (- 1, QRErrorCorrectLevel::H);
  1019. $code->addData($otpauth);
  1020. $code->make();
  1021. $img = new QRCodeImage ($code, $width=210, $height=210, $quality=50);
  1022. $img->draw();
  1023. $image = $img->getImage();
  1024. $img->finish();
  1025. }
  1026. catch (Exception $error) {
  1027. echo $error;
  1028. }
  1029. }
  1030. echo "<tr>\n";
  1031. echo "<td class='vncell' valign='top' align='left' nowrap='nowrap'>\n";
  1032. echo " ".$text['label-user_totp_secret']."\n";
  1033. echo "</td>\n";
  1034. echo "<td class='vtable' align='left' valign='top'>\n";
  1035. echo " <input type='hidden' class='formfld' style='width: 250px;' name='user_totp_secret' id='user_totp_secret' value=\"".escape($user_totp_secret)."\" >";
  1036. if (empty($user_totp_secret)) {
  1037. $base32 = new base2n(5, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567', FALSE, TRUE, TRUE);
  1038. $user_totp_secret = $base32->encode(generate_password(20,3));
  1039. echo button::create(['type'=>'button',
  1040. 'label'=>$text['button-setup'],
  1041. 'icon'=>'key',
  1042. 'onclick'=>"document.getElementById('user_totp_secret').value = '".$user_totp_secret."';
  1043. document.getElementById('frm').submit();"]);
  1044. }
  1045. else {
  1046. echo " <div id='totp_qr' style='display:none;'>\n";
  1047. echo " ".$user_totp_secret."<br />\n";
  1048. echo " <img src=\"data:image/jpeg;base64,".base64_encode($image)."\" style='margin-top: 0px; padding: 5px; background: white; max-width: 100%;'><br />\n";
  1049. echo " ".$text['description-user_totp_qr_code']."<br /><br />\n";
  1050. echo " </div>\n";
  1051. echo button::create(['type'=>'button',
  1052. 'label'=>$text['button-view'],
  1053. 'id'=>'button-totp_view',
  1054. 'icon'=>'key',
  1055. 'onclick'=>"document.getElementById('totp_qr').style.display = 'inline';
  1056. document.getElementById('button-totp_hide').style.display = 'inline';
  1057. document.getElementById('button-totp_disable').style.display = 'inline';
  1058. document.getElementById('button-totp_view').style.display = 'none';"]);
  1059. echo button::create(['type'=>'button',
  1060. 'label'=>$text['button-hide'],
  1061. 'id'=>'button-totp_hide',
  1062. 'icon'=>'key',
  1063. 'style'=>'display: none;',
  1064. 'onclick'=>"document.getElementById('totp_qr').style.display = 'none';
  1065. document.getElementById('button-totp_hide').style.display = 'none';
  1066. document.getElementById('button-totp_disable').style.display = 'none';
  1067. document.getElementById('button-totp_view').style.display = 'inline';"]);
  1068. echo button::create(['type'=>'button',
  1069. 'label'=>$text['button-disable'],
  1070. 'id'=>'button-totp_disable',
  1071. 'icon'=>'trash',
  1072. 'style'=>'display: none;',
  1073. 'onclick'=>"document.getElementById('user_totp_secret').value = '';
  1074. document.getElementById('frm').submit();"]);
  1075. }
  1076. if (empty($user_totp_secret)) {
  1077. echo " <br />".$text['description-user_totp_secret']."<br />\n";
  1078. }
  1079. else {
  1080. echo " <br />".$text['description-user_totp_view']."<br />\n";
  1081. }
  1082. echo "</td>\n";
  1083. echo "</tr>\n";
  1084. }
  1085. echo "<tr ".($user_uuid == $_SESSION['user_uuid'] ? "style='display: none;'" : null).">\n";
  1086. echo "<td class='vncell' valign='top' align='left' nowrap='nowrap'>\n";
  1087. echo " ".$text['label-enabled']."\n";
  1088. echo "</td>\n";
  1089. echo "<td class='vtable' align='left'>\n";
  1090. if (substr($_SESSION['theme']['input_toggle_style']['text'], 0, 6) == 'switch') {
  1091. echo " <label class='switch'>\n";
  1092. echo " <input type='checkbox' id='user_enabled' name='user_enabled' value='true' ".($user_enabled == 'true' ? "checked='checked'" : null).">\n";
  1093. echo " <span class='slider'></span>\n";
  1094. echo " </label>\n";
  1095. }
  1096. else {
  1097. echo " <select class='formfld' id='user_enabled' name='user_enabled'>\n";
  1098. echo " <option value='true' ".($user_enabled == 'true' ? "selected='selected'" : null).">".$text['option-true']."</option>\n";
  1099. echo " <option value='false' ".($user_enabled == 'false' ? "selected='selected'" : null).">".$text['option-false']."</option>\n";
  1100. echo " </select>\n";
  1101. }
  1102. echo "<br />\n";
  1103. echo $text['description-enabled']."\n";
  1104. echo "</td>\n";
  1105. echo "</tr>\n";
  1106. echo "</table>";
  1107. echo "<br /><br />";
  1108. if ($action == 'edit') {
  1109. echo "<input type='hidden' name='id' value=\"".escape($user_uuid)."\">";
  1110. if (permission_exists("user_edit")) {
  1111. echo "<input type='hidden' name='username_old' value=\"".escape($username)."\">";
  1112. }
  1113. }
  1114. echo "<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
  1115. echo "</form>";
  1116. if (permission_exists("user_edit") && permission_exists('user_setting_view') && $action == 'edit') {
  1117. require $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH."/core/user_settings/user_settings.php";
  1118. echo "<br><br>";
  1119. }
  1120. echo "<script>\n";
  1121. //hide password fields before submit
  1122. echo " function submit_form() {\n";
  1123. echo " hide_password_fields();\n";
  1124. echo " $('form#frm').submit();\n";
  1125. echo " }\n";
  1126. echo "</script>\n";
  1127. //include the footer
  1128. require_once "resources/footer.php";
  1129. ?>