<?php
/*
* Copyright 2005-2013 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
require_once('../libs/init.php');
require_once('../libs/operator.php');
require_once('../libs/operator_settings.php');
// Entry gate: check_login() supplies the operator record used throughout this
// script, and csrfchecktoken() runs before any request data is read.
// NOTE(review): csrfchecktoken() is defined in the required libs; presumably it
// validates the anti-CSRF token - confirm which request methods it covers.
$operator = check_login();
csrfchecktoken();

// Defaults for the view; the POST and GET branches below overwrite them.
$opId = '';
$errors = array();
$page = array('opid' => '');
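// Request dispatch for the operator profile form.
//
// POST branch: validates the submitted fields, enforces the modify permission,
// then creates or updates the operator and redirects. Validation failures are
// collected in $errors and the submitted values are echoed back through $page.
//
// GET branch (?op=N): loads an existing operator into $page for display.
//
// An administrator must post 'login' to enter the POST branch; any other
// operator enters it on 'password' alone, because their login is taken from
// the logged-in record instead of the request.
if ((isset($_POST['login']) || !is_capable($can_administrate, $operator)) && isset($_POST['password'])) {
    // The D modifier makes "$" match only at the very end of the subject.
    // Without it PCRE also accepts a value followed by a single newline, and
    // that value would go on to update_operator() and the Location header.
    // (Assumes verifyparam() applies the pattern with preg_match() - confirm.)
    $opId = verifyparam("opid", '/^(\d{1,9})?$/D', "");

    if (is_capable($can_administrate, $operator)) {
        $login = getparam('login');
    } else {
        // Non-administrators cannot rename themselves: the login always comes
        // from the authenticated operator record, never from the request.
        $login = $operator['vclogin'];
    }
    $email = getparam('email');
    $password = getparam('password');
    $passwordConfirm = getparam('passwordConfirm');
    $localname = getparam('name');
    $commonname = getparam('commonname');

    if (!$localname) {
        $errors[] = no_field("form.field.agent_name");
    }

    if (!$commonname) {
        $errors[] = no_field("form.field.agent_commonname");
    }

    if (!$login) {
        $errors[] = no_field("form.field.login");
    } else if (!preg_match('/^[\w_\.]+$/D', $login)) {
        // D modifier for the same reason as above: no trailing newline in a login.
        $errors[] = getlocal("page_agent.error.wrong_login");
    }

    if ($email != '' && !is_valid_email($email)) {
        $errors[] = wrong_field("form.field.mail");
    }

    // A password is mandatory only when creating an operator (no opid given).
    if (!$opId && !$password) {
        $errors[] = no_field("form.field.password");
    }

    // Strict comparison: with != two different numeric-looking strings
    // (for example "1e3" and "1000") compare equal, so a mistyped
    // confirmation would be accepted as a match.
    if ($password !== $passwordConfirm) {
        $errors[] = getlocal("my_settings.error.password_match");
    }

    // Reject a login that already belongs to a different operator.
    // NOTE(review): $login reaches operator_by_login() even when it failed the
    // pattern check above; confirm that the lookup escapes or binds its argument.
    $existing_operator = operator_by_login($login);
    if ((!$opId && $existing_operator) ||
        ($opId && $existing_operator && $opId != $existing_operator['operatorid'])) {
        $errors[] = getlocal("page_agent.error.duplicate_login");
    }

    // Authorization: own profile with the modify-profile capability, or administrator.
    // It is enforced through $errors, so the write below only runs when it passed.
    $canmodify = ($opId == $operator['operatorid'] && is_capable($can_modifyprofile, $operator))
        || is_capable($can_administrate, $operator);
    if (!$canmodify) {
        $errors[] = getlocal('page_agent.cannot_modify');
    }

    if (count($errors) == 0) {
        if (!$opId) {
            $newop = create_operator($login, $email, $password, $localname, $commonname, "");
            header("Location: $webimroot/operator/avatar.php?op=" . $newop['operatorid']);
            exit;
        } else {
            update_operator($opId, $login, $email, $password, $localname, $commonname);

            // Keep the session copy of the password hash in step when the
            // operator changed their own password.
            // NOTE(review): unsalted MD5 is not a suitable password hash. The
            // scheme is presumably fixed by the operator library, so it is
            // mirrored here rather than changed; migrate storage, login and
            // this line together to password_hash()/password_verify().
            if (!empty($password) && $opId == $operator['operatorid']) {
                // The old hash equals md5('') when no password had been set yet;
                // in that case the operator is sent on to the dashboard.
                $toDashboard = $operator['vcpassword'] == md5('') && $password != '';
                $_SESSION[$session_prefix."operator"]['vcpassword'] = md5($password);
                if ($toDashboard) {
                    header("Location: $webimroot/operator/index.php");
                    exit;
                }
            }
            header("Location: $webimroot/operator/operator.php?op=$opId&stored");
            exit;
        }
    } else {
        // Re-populate the form with the submitted values; the password fields
        // are deliberately not echoed back.
        $page['formlogin'] = topage($login);
        $page['formname'] = topage($localname);
        $page['formemail'] = topage($email);
        $page['formcommonname'] = topage($commonname);
        $page['opid'] = topage($opId);
    }

} else if (isset($_GET['op'])) {
    // D modifier: reject an id followed by a trailing newline (see the POST branch).
    $opId = verifyparam('op', '/^\d{1,9}$/D');
    $op = operator_by_id($opId);

    if (!$op) {
        $errors[] = getlocal("no_such_operator");
        $page['opid'] = topage($opId);
    } else {
        // Show an error if the logged-in operator's password has not been set yet.
        if ($operator['vcpassword'] == md5('') && !isset($_GET['stored'])) {
            $errors[] = getlocal("my_settings.error.no_password");
        }

        // NOTE(review): no permission check precedes this read, so any
        // logged-in operator can load another operator's login, e-mail and
        // names by id; confirm that read access is intended.
        $page['formlogin'] = topage($op['vclogin']);
        $page['formname'] = topage($op['vclocalename']);
        $page['formemail'] = topage($op['vcemail']);
        $page['formcommonname'] = topage($op['vccommonname']);
        $page['opid'] = topage($op['operatorid']);
    }
}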
// With no operator id the page is the "create operator" form, which only an
// administrator may use. This adds a message for the view; a successful POST
// has already redirected and exited before this line is reached.
if (!($opId || is_capable($can_administrate, $operator))) {
    $errors[] = getlocal("page_agent.error.forbidden_create");
}
// Permission to edit the displayed profile: the operator's own profile when
// they hold the modify-profile capability, otherwise administrators only.
if ($opId == $operator['operatorid'] && is_capable($can_modifyprofile, $operator)) {
    $canmodify = true;
} else {
    $canmodify = (bool) is_capable($can_administrate, $operator);
}

// Flags consumed by the view.
$page['stored'] = isset($_GET['stored']);
if ($canmodify) {
    $page['canmodify'] = "1";
} else {
    $page['canmodify'] = "";
}
// Only administrators are offered the login field as editable.
$page['canchangelogin'] = is_capable($can_administrate, $operator);
// True when the logged-in operator's stored hash equals the MD5 of the empty string.
// NOTE(review): this implies passwords are kept as unsalted MD5 - worth
// migrating in the operator library rather than here.
$page['needChangePassword'] = $operator['vcpassword'] == md5('');

// Build the navigation and settings tabs, then hand over to the template.
prepare_menu($operator);
setup_operator_settings_tabs($opId, 0);
start_html_output();
require('../view/agent.php');
?>