Added ability to disable operator's account

2025-01-23 01:50:34 +03:00 · 2011-12-19 17:55:22 +00:00 · 2011-12-19 17:55:22 +00:00 · fbeba2a54f
commit fbeba2a54f
parent 7bd3e21ca8
8 changed files with 93 additions and 27 deletions
--- a/src/messenger/webim/install/dbinfo.php
+++ b/src/messenger/webim/install/dbinfo.php
@ -74,6 +74,7 @@ $dbtables = array(
 		"vcemail" => "varchar(64)",
 		"dtmlastvisited" => "datetime DEFAULT 0",
 		"istatus" => "int DEFAULT 0", /* 0 - online, 1 - away */
 		"idisabled" => "int DEFAULT 0",
 		"vcavatar" => "varchar(255)",
 		"vcjabbername" => "varchar(255)",
 		"iperm" => "int DEFAULT 65535",
@ -153,7 +154,7 @@ $memtables = array();
 $dbtables_can_update = array(
 	"${mysqlprefix}chatthread" => array("agentId", "userTyping", "agentTyping", "messageCount", "nextagent", "shownmessageid", "userid", "userAgent", "groupid", "dtmchatstarted"),
 	"${mysqlprefix}chatmessage" => array("agentId"),
-	"${mysqlprefix}chatoperator" => array("vcavatar", "vcjabbername", "iperm", "istatus", "vcemail", "dtmrestore", "vcrestoretoken"),
+	"${mysqlprefix}chatoperator" => array("vcavatar", "vcjabbername", "iperm", "istatus", "idisabled", "vcemail", "dtmrestore", "vcrestoretoken"),
 	"${mysqlprefix}chatban" => array(),
 	"${mysqlprefix}chatgroup" => array("vcemail"),
 	"${mysqlprefix}chatgroupoperator" => array(),
--- a/src/messenger/webim/install/dbperform.php
+++ b/src/messenger/webim/install/dbperform.php
@ -127,6 +127,10 @@ if ($act == "silentcreateall") {
 			runsql("ALTER TABLE ${mysqlprefix}chatoperator ADD istatus int DEFAULT 0", $link);
 		}
 		if (in_array("${mysqlprefix}chatoperator.idisabled", $absent)) {
 			runsql("ALTER TABLE ${mysqlprefix}chatoperator ADD idisabled int DEFAULT 0 AFTER istatus", $link);
 		}
 		if (in_array("${mysqlprefix}chatoperator.vcavatar", $absent)) {
 			runsql("ALTER TABLE ${mysqlprefix}chatoperator ADD vcavatar varchar(255)", $link);
 		}
--- a/src/messenger/webim/libs/operator.php
+++ b/src/messenger/webim/libs/operator.php
@ -73,7 +73,7 @@ function operator_get_all()
 	global $mysqlprefix;
 	$link = connect();
-	$query = "select operatorid, vclogin, vclocalename, vccommonname, istatus, (unix_timestamp(CURRENT_TIMESTAMP)-unix_timestamp(dtmlastvisited)) as time " .
+	$query = "select operatorid, vclogin, vclocalename, vccommonname, istatus, idisabled, (unix_timestamp(CURRENT_TIMESTAMP)-unix_timestamp(dtmlastvisited)) as time " .
 			 "from ${mysqlprefix}chatoperator order by vclogin";
 	$operators = select_multi_assoc($query, $link);
 	close_connection($link);
@ -98,6 +98,11 @@ function operator_is_away($operator)
 	return $operator['istatus'] != 0 && $operator['time'] < $settings['online_timeout'] ? "1" : "";
 }
 function operator_is_disabled($operator)
 {
 	return $operator['idisabled'] == '1';
 }
 function update_operator($operatorid, $login, $email, $password, $localename, $commonname)
 {
 	global $mysqlprefix;
@ -221,7 +226,7 @@ function check_login($redirect = true)
 		if (isset($_COOKIE['webim_lite'])) {
 			list($login, $pwd) = preg_split("/,/", $_COOKIE['webim_lite'], 2);
 			$op = operator_by_login($login);
-			if ($op && isset($pwd) && isset($op['vcpassword']) && md5($op['vcpassword']) == $pwd) {
+			if ($op && isset($pwd) && isset($op['vcpassword']) && md5($op['vcpassword']) == $pwd && !operator_is_disabled($op)) {
 				$_SESSION["${mysqlprefix}operator"] = $op;
 				return $op;
 			}
--- a/src/messenger/webim/locales/en/properties
+++ b/src/messenger/webim/locales/en/properties
@ -328,6 +328,12 @@ page_agent.title=Operator details
 page_agents.agent_name=Name
 page_agents.agents=Full list of operators:
 page_agents.confirm=Are you sure that you want to delete operator "{0}"?
 page_agents.cannot.disable.admin=Cannot disable "admin".
 page_agents.cannot.disable.self=Cannot disable self.
 page_agents.disable.agent=disable
 page_agents.disable.not.allowed=You are not allowed to disable operators.
 page_agents.enable.agent=enable
 page_agents.enable.not.allowed=You are not allowed to enable operators.
 page_agents.intro=This page displays a list of company operators.
 page_agents.isaway=Away
 page_agents.isonline=Online
@ -352,6 +358,7 @@ page_client.pending_users=You can find awaiting visitors.
 page_group.tab.main=General
 page_group.tab.members=Members
 page_login.error=Entered login/password is incorrect
 page_login.operator.disabled=Your account is temporarily blocked. Please contact system administrator.
 page_login.intro=Please enter your username and password to access administrative tools. See your visitors and browse the history. 
 page_login.login=Login:
 page_login.password=Password:
--- a/src/messenger/webim/locales/ru/properties
+++ b/src/messenger/webim/locales/ru/properties
@ -326,6 +326,12 @@ page_agent.title=
 page_agents.agent_name=Имя
 page_agents.agents=Полный список операторов:
 page_agents.confirm=Вы уверены что хотите удалить оператора "{0}"?
 page_agents.cannot.disable.admin=Невозможно заблокировать оператора "admin".
 page_agents.cannot.disable.self=Невозможно заблокировать себя.
 page_agents.disable.agent=заблокировать
 page_agents.disable.not.allowed=Вы не можете блокировать операторов.
 page_agents.enable.agent=разблокировать
 page_agents.enable.not.allowed=Вы не можете разблокировать операторов.
 page_agents.intro=На этой странице можно просмотреть список операторов компании и добавить нового при наличии соответствующих прав доступа.
 page_agents.isaway=Отошел
 page_agents.isonline=Доступен
@ -352,6 +358,7 @@ page_group.tab.members=
 page_login.error=Введен неправильный логин или пароль
 page_login.intro=Пожалуйста, введите ваши имя и пароль для получения операторского доступа к системе. 
 page_login.login=Логин:
 page_login.operator.disabled=Ваша учетная запись временно заблокированна. Пожалуйста, свяжитесь с администратором системы.
 page_login.password=Пароль:
 page_login.remember=Запомнить
 page_login.title=Вход в систему
--- a/src/messenger/webim/operator/login.php
+++ b/src/messenger/webim/operator/login.php
@ -31,7 +31,7 @@ if (isset($_POST['login']) && isset($_POST['password'])) {
 	$remember = isset($_POST['isRemember']) && $_POST['isRemember'] == "on";
 	$operator = operator_by_login($login);
-	if ($operator && isset($operator['vcpassword']) && $operator['vcpassword'] == md5($password)) {
+	if ($operator && isset($operator['vcpassword']) && $operator['vcpassword'] == md5($password) && !operator_is_disabled($operator)) {
 		$target = $password == ''
 				? "$webimroot/operator/operator.php?op=" . $operator['operatorid']
@ -42,8 +42,12 @@ if (isset($_POST['login']) && isset($_POST['password'])) {
 		login_operator($operator, $remember);
 		header("Location: $target");
 		exit;
 	} else {
 		if (operator_is_disabled($operator)) {
 			$errors[] = getlocal('page_login.operator.disabled');
 		} else {
 			$errors[] = getlocal("page_login.error");
 		}
 		$page['formlogin'] = $login;
 	}
 }
--- a/src/messenger/webim/operator/operators.php
+++ b/src/messenger/webim/operator/operators.php
@ -26,13 +26,14 @@ $operator = check_login();
 force_password($operator);
-if (isset($_GET['act']) && $_GET['act'] == 'del') {
+if (isset($_GET['act'])) {
 	$operatorid = isset($_GET['id']) ? $_GET['id'] : "";
 	$operatorid = isset($_GET['id']) ? $_GET['id'] : "";
 	if (!preg_match("/^\d+$/", $operatorid)) {
-		$errors[] = "Cannot delete: wrong argument";
+		$errors[] = getlocal("no_such_operator");
 	}
 	if ($_GET['act'] == 'del') {
 		if (!is_capable($can_administrate, $operator)) {
 			$errors[] = "You are not allowed to remove operators";
 		}
@ -59,6 +60,35 @@ if (isset($_GET['act']) && $_GET['act'] == 'del') {
 			header("Location: $webimroot/operator/operators.php");
 			exit;
 		}
 	}
 	if ($_GET['act'] == 'disable' || $_GET['act'] == 'enable') {
 		$act_disable = ($_GET['act'] == 'disable');
 		if (!is_capable($can_administrate, $operator)) {
 			$errors[] = $act_disable?getlocal('page_agents.disable.not.allowed'):getlocal('page_agents.enable.not.allowed');
 		}
 		if ($operatorid == $operator['operatorid'] && $act_disable) {
 			$errors[] = getlocal('page_agents.cannot.disable.self');
 		}
 		if (count($errors) == 0) {
 			$op = operator_by_id($operatorid);
 			if (!$op) {
 				$errors[] = getlocal("no_such_operator");
 			} else if ($op['vclogin'] == 'admin' && $act_disable) {
 				$errors[] = getlocal('page_agents.cannot.disable.admin');
 			}
 		}
 		if (count($errors) == 0) {
 			$link = connect();
 			perform_query("update ${mysqlprefix}chatoperator set idisabled = ".($act_disable?'1':'0')." where operatorid = $operatorid", $link);
 			close_connection($link);
 			header("Location: $webimroot/operator/operators.php");
 			exit;
 		}
 	}
 }
 $page = array();
--- a/src/messenger/webim/view/agents.php
+++ b/src/messenger/webim/view/agents.php
@ -60,6 +60,7 @@ require_once('inc_errors.php');
 	<?php echo getlocal("page_agents.status") ?>
 <?php if($page['canmodify']) { ?>
 </th><th>
 </th><th>
 <?php } ?>
 </th>
 </tr>
@ -85,6 +86,13 @@ require_once('inc_errors.php');
 <?php } ?>
 	</td>
 <?php if($page['canmodify']) { ?>
 	<td>
 <?php if(operator_is_disabled($a)){ ?>
 		<a href="<?php echo $webimroot ?>/operator/operators.php?act=enable&amp;id=<?php echo $a['operatorid'] ?>"><?php echo getlocal("page_agents.enable.agent") ?></a>
 <?php }else{ ?>
 		<a href="<?php echo $webimroot ?>/operator/operators.php?act=disable&amp;id=<?php echo $a['operatorid'] ?>"><?php echo getlocal("page_agents.disable.agent") ?></a>
 <?php } ?>
 	</td>
 	<td>
 		<a class="removelink" id="i<?php echo $a['operatorid'] ?>" href="<?php echo $webimroot ?>/operator/operators.php?act=del&amp;id=<?php echo $a['operatorid'] ?>">
 			remove