From fbeba2a54f7030fbdd6c4e9df061a6d6c9d76861 Mon Sep 17 00:00:00 2001 From: Dmitriy Simushev Date: Mon, 19 Dec 2011 17:55:22 +0000 Subject: [PATCH] Added ability to disable operator's account --- src/messenger/webim/install/dbinfo.php | 3 +- src/messenger/webim/install/dbperform.php | 4 ++ src/messenger/webim/libs/operator.php | 9 ++- src/messenger/webim/locales/en/properties | 7 ++ src/messenger/webim/locales/ru/properties | 7 ++ src/messenger/webim/operator/login.php | 8 ++- src/messenger/webim/operator/operators.php | 74 +++++++++++++++------- src/messenger/webim/view/agents.php | 8 +++ 8 files changed, 93 insertions(+), 27 deletions(-) diff --git a/src/messenger/webim/install/dbinfo.php b/src/messenger/webim/install/dbinfo.php index 1ea596ab..03ed8a3c 100644 --- a/src/messenger/webim/install/dbinfo.php +++ b/src/messenger/webim/install/dbinfo.php @@ -74,6 +74,7 @@ $dbtables = array( "vcemail" => "varchar(64)", "dtmlastvisited" => "datetime DEFAULT 0", "istatus" => "int DEFAULT 0", /* 0 - online, 1 - away */ + "idisabled" => "int DEFAULT 0", "vcavatar" => "varchar(255)", "vcjabbername" => "varchar(255)", "iperm" => "int DEFAULT 65535", @@ -153,7 +154,7 @@ $memtables = array(); $dbtables_can_update = array( "${mysqlprefix}chatthread" => array("agentId", "userTyping", "agentTyping", "messageCount", "nextagent", "shownmessageid", "userid", "userAgent", "groupid", "dtmchatstarted"), "${mysqlprefix}chatmessage" => array("agentId"), - "${mysqlprefix}chatoperator" => array("vcavatar", "vcjabbername", "iperm", "istatus", "vcemail", "dtmrestore", "vcrestoretoken"), + "${mysqlprefix}chatoperator" => array("vcavatar", "vcjabbername", "iperm", "istatus", "idisabled", "vcemail", "dtmrestore", "vcrestoretoken"), "${mysqlprefix}chatban" => array(), "${mysqlprefix}chatgroup" => array("vcemail"), "${mysqlprefix}chatgroupoperator" => array(), diff --git a/src/messenger/webim/install/dbperform.php b/src/messenger/webim/install/dbperform.php index c51470e0..5d987dce 100644 
--- a/src/messenger/webim/install/dbperform.php +++ b/src/messenger/webim/install/dbperform.php @@ -127,6 +127,10 @@ if ($act == "silentcreateall") { runsql("ALTER TABLE ${mysqlprefix}chatoperator ADD istatus int DEFAULT 0", $link); } + if (in_array("${mysqlprefix}chatoperator.idisabled", $absent)) { + runsql("ALTER TABLE ${mysqlprefix}chatoperator ADD idisabled int DEFAULT 0 AFTER istatus", $link); + } + if (in_array("${mysqlprefix}chatoperator.vcavatar", $absent)) { runsql("ALTER TABLE ${mysqlprefix}chatoperator ADD vcavatar varchar(255)", $link); } diff --git a/src/messenger/webim/libs/operator.php b/src/messenger/webim/libs/operator.php index a0fea376..fe2870ba 100755 --- a/src/messenger/webim/libs/operator.php +++ b/src/messenger/webim/libs/operator.php @@ -73,7 +73,7 @@ function operator_get_all() global $mysqlprefix; $link = connect(); - $query = "select operatorid, vclogin, vclocalename, vccommonname, istatus, (unix_timestamp(CURRENT_TIMESTAMP)-unix_timestamp(dtmlastvisited)) as time " . + $query = "select operatorid, vclogin, vclocalename, vccommonname, istatus, idisabled, (unix_timestamp(CURRENT_TIMESTAMP)-unix_timestamp(dtmlastvisited)) as time " . "from ${mysqlprefix}chatoperator order by vclogin"; $operators = select_multi_assoc($query, $link); close_connection($link); @@ -98,6 +98,11 @@ function operator_is_away($operator) return $operator['istatus'] != 0 && $operator['time'] < $settings['online_timeout'] ? "1" : ""; } +function operator_is_disabled($operator) +{ + return $operator['idisabled'] == '1'; +} + function update_operator($operatorid, $login, $email, $password, $localename, $commonname) { global $mysqlprefix; 
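Review bot: `operator_is_disabled()` in libs/operator.php treats only the exact value `'1'` as disabled, so any other non-zero value in `idisabled` reads as an enabled account, even though this function now gates authentication in login.php and `check_login()`. Matching the neighbouring `operator_is_away()` test (`$operator['istatus'] != 0`) would be more conservative: `return $operator['idisabled'] != 0;`. A row loaded without the `idisabled` column would still count as enabled; whether every operator query selects it is not visible in this patch, so that should be confirmed. A short docblock stating that the argument is an operator row and the result is a boolean would help callers.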
@@ -221,7 +226,7 @@ function check_login($redirect = true) if (isset($_COOKIE['webim_lite'])) { list($login, $pwd) = preg_split("/,/", $_COOKIE['webim_lite'], 2); $op = operator_by_login($login); - if ($op && isset($pwd) && isset($op['vcpassword']) && md5($op['vcpassword']) == $pwd) { + if ($op && isset($pwd) && isset($op['vcpassword']) && md5($op['vcpassword']) == $pwd && !operator_is_disabled($op)) { $_SESSION["${mysqlprefix}operator"] = $op; return $op; } diff --git a/src/messenger/webim/locales/en/properties b/src/messenger/webim/locales/en/properties index 14852919..cccf52cd 100644 --- a/src/messenger/webim/locales/en/properties +++ b/src/messenger/webim/locales/en/properties @@ -328,6 +328,12 @@ page_agent.title=Operator details page_agents.agent_name=Name page_agents.agents=Full list of operators: page_agents.confirm=Are you sure that you want to delete operator "{0}"? +page_agents.cannot.disable.admin=Cannot disable "admin". +page_agents.cannot.disable.self=Cannot disable self. +page_agents.disable.agent=disable +page_agents.disable.not.allowed=You are not allowed to disable operators. +page_agents.enable.agent=enable +page_agents.enable.not.allowed=You are not allowed to enable operators. page_agents.intro=This page displays a list of company operators. page_agents.isaway=Away page_agents.isonline=Online @@ -352,6 +358,7 @@ page_client.pending_users=You can find awaiting visitors. page_group.tab.main=General page_group.tab.members=Members page_login.error=Entered login/password is incorrect +page_login.operator.disabled=Your account is temporarily blocked. Please contact system administrator. page_login.intro=Please enter your username and password to access administrative tools. See your visitors and browse the history. page_login.login=Login: page_login.password=Password: diff --git a/src/messenger/webim/locales/ru/properties b/src/messenger/webim/locales/ru/properties index 558f8b2c..8b52f824 100644 --- a/src/messenger/webim/locales/ru/properties 
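Review bot: The new `!operator_is_disabled($op)` test sits only on the `webim_lite` cookie branch of `check_login()`, so an operator who already holds a session is presumably still accepted after being disabled. The rest of `check_login()` lies outside this hunk, so this is inferred: if the function returns `$_SESSION["${mysqlprefix}operator"]` without re-reading the row, disabling takes effect only once that session ends. Consider reloading the operator by id on each call and clearing the session entry when `operator_is_disabled()` is true.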
+++ b/src/messenger/webim/locales/ru/properties @@ -326,6 +326,12 @@ page_agent.title= page_agents.agent_name=Имя page_agents.agents=Полный список операторов: page_agents.confirm=Вы уверены что хотите удалить оператора "{0}"? +page_agents.cannot.disable.admin=Невозможно заблокировать оператора "admin". +page_agents.cannot.disable.self=Невозможно заблокировать себя. +page_agents.disable.agent=заблокировать +page_agents.disable.not.allowed=Вы не можете блокировать операторов. +page_agents.enable.agent=разблокировать +page_agents.enable.not.allowed=Вы не можете разблокировать операторов. page_agents.intro=На этой странице можно просмотреть список операторов компании и добавить нового при наличии соответствующих прав доступа. page_agents.isaway=Отошел page_agents.isonline=Доступен @@ -352,6 +358,7 @@ page_group.tab.members= page_login.error=Введен неправильный логин или пароль page_login.intro=Пожалуйста, введите ваши имя и пароль для получения операторского доступа к системе. page_login.login=Логин: +page_login.operator.disabled=Ваша учетная запись временно заблокированна. Пожалуйста, свяжитесь с администратором системы. page_login.password=Пароль: page_login.remember=Запомнить page_login.title=Вход в систему diff --git a/src/messenger/webim/operator/login.php b/src/messenger/webim/operator/login.php index df202de5..3638b10a 100644 --- a/src/messenger/webim/operator/login.php +++ b/src/messenger/webim/operator/login.php @@ -31,7 +31,7 @@ if (isset($_POST['login']) && isset($_POST['password'])) { $remember = isset($_POST['isRemember']) && $_POST['isRemember'] == "on"; $operator = operator_by_login($login); - if ($operator && isset($operator['vcpassword']) && $operator['vcpassword'] == md5($password)) { + if ($operator && isset($operator['vcpassword']) && $operator['vcpassword'] == md5($password) && !operator_is_disabled($operator)) { $target = $password == '' ? "$webimroot/operator/operator.php?op=" . $operator['operatorid'] 
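Review bot: The password test on the changed line in operator/login.php still compares digests with loose `==` (`$operator['vcpassword'] == md5($password)`). PHP compares two numeric-looking strings as numbers, so two different digests of the `0e…` form can compare equal. Use the strict form, `$operator['vcpassword'] === md5($password)`. The cookie check in `check_login()` (`md5($op['vcpassword']) == $pwd`) has the same comparison and should change with it. Unsalted MD5 for stored passwords predates this commit and deserves its own migration.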
@@ -43,7 +43,11 @@ if (isset($_POST['login']) && isset($_POST['password'])) { header("Location: $target"); exit; } else { - $errors[] = getlocal("page_login.error"); + if (operator_is_disabled($operator)) { + $errors[] = getlocal('page_login.operator.disabled'); + } else { + $errors[] = getlocal("page_login.error"); + } $page['formlogin'] = $login; } } diff --git a/src/messenger/webim/operator/operators.php b/src/messenger/webim/operator/operators.php index 47937d35..e2c661e1 100644 --- a/src/messenger/webim/operator/operators.php +++ b/src/messenger/webim/operator/operators.php 
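Review bot: The `else` branch in operator/login.php reports `page_login.operator.disabled` whenever the account is disabled, even when the submitted password was wrong, so anyone who knows a login name can learn that the account exists and is blocked. It also calls `operator_is_disabled($operator)` when `operator_by_login()` returned a falsy value (the `$operator &&` guard above implies it can), which indexes a non-array. Show the specific message only after the password has matched, e.g. `if ($operator && $operator['vcpassword'] === md5($password) && operator_is_disabled($operator)) {`, and fall back to `page_login.error` in every other case.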
@@ -26,38 +26,68 @@ $operator = check_login(); force_password($operator); -if (isset($_GET['act']) && $_GET['act'] == 'del') { +if (isset($_GET['act'])) { + $operatorid = isset($_GET['id']) ? $_GET['id'] : ""; - if (!preg_match("/^\d+$/", $operatorid)) { - $errors[] = "Cannot delete: wrong argument"; + $errors[] = getlocal("no_such_operator"); } - if (!is_capable($can_administrate, $operator)) { - $errors[] = "You are not allowed to remove operators"; - } + if ($_GET['act'] == 'del') { + if (!is_capable($can_administrate, $operator)) { + $errors[] = "You are not allowed to remove operators"; + } - if ($operatorid == $operator['operatorid']) { - $errors[] = "Cannot remove self"; - } + if ($operatorid == $operator['operatorid']) { + $errors[] = "Cannot remove self"; + } - if (count($errors) == 0) { - $op = operator_by_id($operatorid); - if (!$op) { - $errors[] = getlocal("no_such_operator"); - } else if ($op['vclogin'] == 'admin') { - $errors[] = 'Cannot remove operator "admin"'; + if (count($errors) == 0) { + $op = operator_by_id($operatorid); + if (!$op) { + $errors[] = getlocal("no_such_operator"); + } else if ($op['vclogin'] == 'admin') { + $errors[] = 'Cannot remove operator "admin"'; + } + } + + if (count($errors) == 0) { + $link = connect(); + perform_query("delete from ${mysqlprefix}chatgroupoperator where operatorid = $operatorid", $link); + perform_query("delete from ${mysqlprefix}chatoperator where operatorid = $operatorid", $link); + close_connection($link); + + header("Location: $webimroot/operator/operators.php"); + exit; } } + if ($_GET['act'] == 'disable' || $_GET['act'] == 'enable') { + $act_disable = ($_GET['act'] == 'disable'); + if (!is_capable($can_administrate, $operator)) { + $errors[] = $act_disable?getlocal('page_agents.disable.not.allowed'):getlocal('page_agents.enable.not.allowed'); + } - if (count($errors) == 0) { - $link = connect(); - perform_query("delete from ${mysqlprefix}chatgroupoperator where operatorid = $operatorid", $link); - 
perform_query("delete from ${mysqlprefix}chatoperator where operatorid = $operatorid", $link); - close_connection($link); + if ($operatorid == $operator['operatorid'] && $act_disable) { + $errors[] = getlocal('page_agents.cannot.disable.self'); + } - header("Location: $webimroot/operator/operators.php"); - exit; + if (count($errors) == 0) { + $op = operator_by_id($operatorid); + if (!$op) { + $errors[] = getlocal("no_such_operator"); + } else if ($op['vclogin'] == 'admin' && $act_disable) { + $errors[] = getlocal('page_agents.cannot.disable.admin'); + } + } + + if (count($errors) == 0) { + $link = connect(); + perform_query("update ${mysqlprefix}chatoperator set idisabled = ".($act_disable?'1':'0')." where operatorid = $operatorid", $link); + close_connection($link); + + header("Location: $webimroot/operator/operators.php"); + exit; + } } } diff --git a/src/messenger/webim/view/agents.php b/src/messenger/webim/view/agents.php index b544f11b..fd25bf8d 100644 --- a/src/messenger/webim/view/agents.php +++ b/src/messenger/webim/view/agents.php @@ -60,6 +60,7 @@ require_once('inc_errors.php'); + @@ -85,6 +86,13 @@ require_once('inc_errors.php'); + + + + + + + remove
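Review bot: In operator/operators.php the new `disable`/`enable` actions, like `del`, change state on a plain GET (`$_GET['act']`, `$_GET['id']`), and no anti-CSRF token is checked anywhere in this hunk. A cross-site request made in a logged-in administrator's browser could therefore trigger them. Accept these actions only via POST and verify a per-session token before the `is_capable()` test. Separately, `$operatorid` reaches the `update` and `delete` statements by string interpolation, and only the `preg_match("/^\d+$/", …)` guard keeps that safe. A comment such as `// $operatorid is digits-only here (checked above); keep that check ahead of every query` would protect it from later edits.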