mirror of
https://github.com/ACSPRI/queXS
synced 2024-04-02 12:12:16 +00:00
Remove references to HTPASSWD
Updated user creation / editing code to refer to limesurvey session
This commit is contained in:
Adam Zammit
@@ -61,6 +61,7 @@ if (isset($_POST['client']))
|
||||
{
|
||||
$client = $db->qstr($_POST['client'],get_magic_quotes_gpc());
|
||||
$firstname = $db->qstr($_POST['firstname'],get_magic_quotes_gpc());
|
||||
$email = $db->qstr($_POST['email'],get_magic_quotes_gpc());
|
||||
$lastname = $db->qstr($_POST['lastname'],get_magic_quotes_gpc());
|
||||
$time_zone_name = $db->qstr($_POST['Time_zone_name'],get_magic_quotes_gpc());
|
||||
|
||||
@@ -72,17 +73,15 @@ if (isset($_POST['client']))
|
||||
|
||||
if ($db->Execute($sql))
|
||||
{
|
||||
if (HTPASSWD_PATH !== false && HTGROUP_PATH !== false)
|
||||
{
|
||||
//Get password and add it to the configured htpassword
|
||||
include_once("../functions/functions.htpasswd.php");
|
||||
$htp = New Htpasswd(HTPASSWD_PATH);
|
||||
$htg = New Htgroup(HTGROUP_PATH);
|
||||
|
||||
$htp->addUser($_POST['client'],$_POST['password']);
|
||||
$htg->addUserToGroup($_POST['client'],HTGROUP_CLIENT);
|
||||
}
|
||||
include_once("../include/limesurvey/admin/classes/core/sha256.php");
|
||||
|
||||
//Insert into lime_users
|
||||
$sql = "INSERT INTO " . LIME_PREFIX . "users (`users_name`,`password`,`full_name`,`parent_id`,`superadmin`,`email`,`lang`)
|
||||
VALUES ($client, '" . SHA256::hashing($_POST['password']) . "',$firstname,1,0,$email,'auto')";
|
||||
|
||||
$db->Execute($sql);
|
||||
|
||||
|
||||
$a = T_("Added: $client");
|
||||
}
|
||||
else
|
||||
@@ -154,16 +153,14 @@ function generate() {
|
||||
<label class="control-label col-sm-3"><?php echo T_("Enter the username of a client to add:"); ?></label>
|
||||
<input name="client" type="text" class="form-control pull-left" required size="40" />
|
||||
</div>
|
||||
<?php if (HTPASSWD_PATH !== false && HTGROUP_PATH !== false) { ?>
|
||||
<div class="form-group form-inline">
|
||||
<label class="control-label col-sm-3"><?php echo T_("Enter the password of a client to add:"); ?></label>
|
||||
<input name="password" type="text" class="form-control pull-left" size="40" required pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}" />
|
||||
<input name="password" type="text" class="form-control pull-left" size="40" required />
|
||||
<div class="form-inline">  
|
||||
<input type="button" onclick="generate();" value="<?php echo T_("Generate");?>" class="btn btn-default fa" /> <?php echo T_("Password with");?> 
|
||||
<input type="number" name="number" value="25" min="8" max="50" style="width:5em;" class="form-control" /> <?php echo T_("characters");?>
|
||||
</div>
|
||||
</div>
|
||||
<?php } ?>
|
||||
<div class="form-group form-inline">
|
||||
<label class="control-label col-sm-3"><?php echo T_("Enter the first name of a client to add:"); ?></label>
|
||||
<input name="firstname" type="text" class="form-control pull-left" size="40" />
|
||||
@@ -171,7 +168,11 @@ function generate() {
|
||||
<div class="form-group form-inline">
|
||||
<label class="control-label col-sm-3"><?php echo T_("Enter the surname of a client to add:"); ?></label>
|
||||
<input name="lastname" type="text" class="form-control pull-left" size="40"/>
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group form-inline">
|
||||
<label class="col-sm-3 control-label"><?php echo T_("Email") . ": ";?></label>
|
||||
<input name="email" type="text" class="form-control pull-left"/>
|
||||
</div>
|
||||
<div class="form-group form-inline">
|
||||
<label class="control-label col-sm-3"><a href='timezonetemplate.php'><?php echo T_("Enter the Time Zone of a client to add:"); echo "</a></label>";
|
||||
display_chooser($rs,"Time_zone_name","Time_zone_name",false,false,false,false,array("value",get_setting("DEFAULT_TIME_ZONE")),true,"pull-left"); ?>
|
||||
|
||||
@@ -60,25 +60,43 @@ if (isset($_POST['submit']))
|
||||
if (isset($_POST['chat_enable'])) $chat_enable = 1;
|
||||
if (isset($_POST['enabled'])) $enabled = 1;
|
||||
|
||||
if (HTPASSWD_PATH !== false && $_POST['existing_username'] != $_POST['username'] && empty($_POST['password']))
|
||||
{
|
||||
$msg = "<div class='alert alert-danger'><h3>" . T_("If changing usernames, you must specify a new password") . "</h3></div>";
|
||||
}
|
||||
else
|
||||
{
|
||||
$sql = "UPDATE operator
|
||||
SET username = " . $db->qstr($_POST['username']) . ",
|
||||
lastName = " . $db->qstr($_POST['lastName']) . ",
|
||||
firstName = " . $db->qstr($_POST['firstName']) . ",
|
||||
chat_user = " . $db->qstr($_POST['chat_user']) . ",
|
||||
chat_password = " . $db->qstr($_POST['chat_password']) . ",
|
||||
Time_zone_name = " . $db->qstr($_POST['timezone']) . ",
|
||||
voip = $voip, enabled = $enabled, chat_enable = $chat_enable
|
||||
WHERE operator_id = $operator_id";
|
||||
//get username
|
||||
$sql = "SELECT username
|
||||
FROM operator
|
||||
WHERE operator_id = $operator_id";
|
||||
|
||||
$rs = $db->Execute($sql);
|
||||
$uname = $db->GetOne($sql);
|
||||
|
||||
if (!empty($rs))
|
||||
$sql = "UPDATE " . LIME_PREFIX . "users
|
||||
SET users_name = " . $db->qstr($_POST['username']) . ",
|
||||
email = " . $db->qstr($_POST['email']) . ",
|
||||
full_name = " . $db->qstr($_POST['firstName']);
|
||||
|
||||
if (!empty($_POST['password']))
|
||||
{
|
||||
include_once("../include/limesurvey/admin/classes/core/sha256.php");
|
||||
$sql .= ", password = '" . SHA256::hashing($_POST['password']) . "' ";
|
||||
}
|
||||
|
||||
$sql .= " WHERE users_name = '$uname'";
|
||||
|
||||
$rs = $db->Execute($sql);
|
||||
|
||||
if (!empty($rs))
|
||||
{
|
||||
$sql = "UPDATE operator
|
||||
SET username = " . $db->qstr($_POST['username']) . ",
|
||||
lastName = " . $db->qstr($_POST['lastName']) . ",
|
||||
firstName = " . $db->qstr($_POST['firstName']) . ",
|
||||
chat_user = " . $db->qstr($_POST['chat_user']) . ",
|
||||
chat_password = " . $db->qstr($_POST['chat_password']) . ",
|
||||
Time_zone_name = " . $db->qstr($_POST['timezone']) . ",
|
||||
voip = $voip, enabled = $enabled, chat_enable = $chat_enable
|
||||
WHERE operator_id = $operator_id";
|
||||
|
||||
$rs = $db->Execute($sql);
|
||||
|
||||
if (!empty($rs))
|
||||
{
|
||||
//only update extension if we aren't on a case
|
||||
$sql = "SELECT case_id
|
||||
@@ -94,38 +112,28 @@ if (isset($_POST['submit']))
|
||||
WHERE current_operator_id= $operator_id";
|
||||
|
||||
$db->Execute($sql);
|
||||
|
||||
|
||||
if (!empty($_POST['extension_id']))
|
||||
{
|
||||
$sql = "UPDATE extension
|
||||
SET current_operator_id = $operator_id
|
||||
WHERE extension_id = " . intval($_POST['extension_id']);
|
||||
|
||||
|
||||
$db->Execute($sql);
|
||||
}
|
||||
}
|
||||
|
||||
if (HTPASSWD_PATH !== false && !empty($_POST['password']))
|
||||
{
|
||||
//update password in htaccess
|
||||
include_once(dirname(__FILE__).'/../functions/functions.htpasswd.php');
|
||||
$htp = New Htpasswd(HTPASSWD_PATH);
|
||||
$htp->deleteUser($_POST["existing_username"]);
|
||||
$htp->deleteUser($_POST["username"]);
|
||||
$htp->addUser($_POST["username"],$_POST["password"]);
|
||||
$htg = New Htgroup(HTGROUP_PATH);
|
||||
$htg->deleteUserFromGroup($_POST["existing_username"],HTGROUP_INTERVIEWER);
|
||||
$htg->addUserToGroup($_POST["username"],HTGROUP_INTERVIEWER);
|
||||
}
|
||||
|
||||
$msg = "<div class='alert alert-info'><h3>" . T_("Successfully updated user") . ": " . $_POST['username'] . "</h3></div>";
|
||||
}
|
||||
else
|
||||
{
|
||||
$msg = "<div class='alert alert-danger'><h3>" . T_("Failed to update user") . ": " . $_POST['username'] . " " . T_("Please make sure the username is unique") . "</h3></div>";
|
||||
}
|
||||
}
|
||||
$_GET['edit'] = $operator_id;
|
||||
$msg = "<div class='alert alert-info'><h3>" . T_("Successfully updated user") . ": " . $_POST['username'] . "</h3></div>";
|
||||
}
|
||||
else
|
||||
{
|
||||
$msg = "<div class='alert alert-danger'><h3>" . T_("Failed to update user") . ": " . $_POST['username'] . " " . T_("Please make sure the username is unique") . "</h3></div>";
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$msg = "<div class='alert alert-danger'><h3>" . T_("Failed to update user") . ": " . $_POST['username'] . " " . T_("Please make sure the username is unique") . "</h3></div>";
|
||||
}
|
||||
$_GET['edit'] = $operator_id;
|
||||
}
|
||||
|
||||
|
||||
@@ -135,9 +143,10 @@ if (isset($_GET['edit']))
|
||||
|
||||
$operator_id = intval($_GET['edit']);
|
||||
|
||||
$sql = "SELECT *
|
||||
FROM operator
|
||||
WHERE operator_id = $operator_id";
|
||||
$sql = "SELECT o.*,l.superadmin,l.email
|
||||
FROM operator as o, " . LIME_PREFIX ."users as l
|
||||
WHERE o.operator_id = $operator_id
|
||||
AND l.users_name = o.username";
|
||||
|
||||
$rs = $db->GetRow($sql);
|
||||
|
||||
@@ -205,7 +214,6 @@ function generate() {
|
||||
<label for="username" class="col-sm-3 control-label"><?php echo T_("Username") . ": "; ?></label>
|
||||
<div class="col-sm-3"><input type='text' name='username' class="form-control" value="<?php echo $rs['username'];?>"/></div>
|
||||
</div>
|
||||
<?php if (HTPASSWD_PATH !== false) { ?>
|
||||
<div class="form-group">
|
||||
<label for="password" class="col-sm-3 control-label"><?php echo T_("Password") . ": "; ?></label>
|
||||
<div class="col-sm-3"><input type='text' name='password' class="form-control" placeholder="<?php echo T_("leave blank to keep existing password");?>"/></div>
|
||||
@@ -214,7 +222,6 @@ function generate() {
|
||||
<input type="number" name="number" value="25" min="8" max="50" style="width:5em;" class="form-control" /> <?php echo T_("characters");?>
|
||||
</div>
|
||||
</div>
|
||||
<?php } ?>
|
||||
<div class="form-group">
|
||||
<label for="firstName" class="col-sm-3 control-label"><?php echo T_("First name") . ": "; ?></label>
|
||||
<div class="col-sm-3"><input type='text' name='firstName' class="form-control" value="<?php echo $rs['firstName'];?>"/></div>
|
||||
@@ -223,6 +230,10 @@ function generate() {
|
||||
<label for="lastName" class="col-sm-3 control-label"><?php echo T_("Last name") . ": "; ?></label>
|
||||
<div class="col-sm-3"><input type='text' name='lastName' class="form-control" value="<?php echo $rs['lastName'];?>"/></div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="email" class="col-sm-3 control-label"><?php echo T_("Email") . ": "; ?></label>
|
||||
<div class="col-sm-3"><input type='text' name='email' class="form-control" value="<?php echo $rs['email'];?>"/></div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="timezone" class="col-sm-3 control-label"><?php echo T_("Timezone") . ": ";?></label>
|
||||
<div class="col-sm-3"><?php display_chooser($tz,"timezone","timezone",false,false,false,true,array("value",$rs['Time_zone_name']),true,"form-inline"); ?></div>
|
||||
@@ -250,6 +261,10 @@ function generate() {
|
||||
<div class="form-group">
|
||||
<label for="chat_password" class="col-sm-3 control-label"><?php echo T_("Jabber/XMPP chat password") . ": "; ?></label>
|
||||
<div class="col-sm-3"><input type='text' name='chat_password' class="form-control" value="<?php echo $rs['chat_password'];?>"/></div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="admin" class="col-sm-3 control-label"><?php echo T_("Is the operator a system administrator?");?></label>
|
||||
<div class="col-sm-3"><input name="admin" type="checkbox" data-toggle="toggle" data-on="<?php echo T_("Yes"); ?>" data-off="<?php echo T_("No"); ?>" data-offstyle="primary" data-onstyle="danger" <?php if ($rs['superadmin']) echo "checked=\"checked\""; ?> value="1"/></div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="chat_enable" class="col-sm-3 control-label"><?php echo T_("Uses chat") . "? ";?></label>
|
||||
|
||||
@@ -57,6 +57,8 @@ $a = false;
|
||||
if (isset($_POST['operator']) && isset($_POST['adduser']))
|
||||
{
|
||||
$operator = $db->qstr($_POST['operator'],get_magic_quotes_gpc());
|
||||
$email= $db->qstr($_POST['email'],get_magic_quotes_gpc());
|
||||
$password = $db->qstr($_POST['password'],get_magic_quotes_gpc());
|
||||
$firstname = $db->qstr($_POST['firstname'],get_magic_quotes_gpc());
|
||||
$lastname = $db->qstr($_POST['lastname'],get_magic_quotes_gpc());
|
||||
$chat_user = $db->qstr($_POST['chat_user'],get_magic_quotes_gpc());
|
||||
@@ -96,12 +98,14 @@ if (isset($_POST['operator']) && isset($_POST['adduser']))
|
||||
}
|
||||
$supervisor = 0;
|
||||
$temporary = 0;
|
||||
$admin = 0;
|
||||
$refusal = 0;
|
||||
$voip = 0;
|
||||
$chat = 0;
|
||||
if (isset($_POST['supervisor']) && $_POST['supervisor'] == "on") $supervisor = 1;
|
||||
if (isset($_POST['refusal']) && $_POST['refusal'] == "on") $refusal = 1;
|
||||
if (isset($_POST['temporary']) && $_POST['temporary'] == "on") $temporary = 1;
|
||||
if (isset($_POST['admin']) && $_POST['admin'] == "on") $admin = 1;
|
||||
if (isset($_POST['voip']) && $_POST['voip'] == "on") $voip = 1;
|
||||
if (isset($_POST['chat_enable']) && $_POST['chat_enable'] == "on") $chat = 1;
|
||||
|
||||
@@ -113,7 +117,15 @@ if (isset($_POST['operator']) && isset($_POST['adduser']))
|
||||
|
||||
if ($db->Execute($sql))
|
||||
{
|
||||
$oid = $db->Insert_ID();
|
||||
$oid = $db->Insert_ID();
|
||||
|
||||
include_once("../include/limesurvey/admin/classes/core/sha256.php");
|
||||
|
||||
//Insert into lime_users
|
||||
$sql = "INSERT INTO " . LIME_PREFIX . "users (`users_name`,`password`,`full_name`,`parent_id`,`superadmin`,`email`,`lang`)
|
||||
VALUES ($operator, '" . SHA256::hashing($_POST['password']) . "',$firstname,1,$admin,$email,'auto')";
|
||||
|
||||
$db->Execute($sql);
|
||||
|
||||
if (FREEPBX_PATH !== false)
|
||||
{
|
||||
@@ -135,20 +147,6 @@ if (isset($_POST['operator']) && isset($_POST['adduser']))
|
||||
$db->Execute($sql);
|
||||
}
|
||||
|
||||
if (HTPASSWD_PATH !== false && HTGROUP_PATH !== false)
|
||||
{
|
||||
//Get password and add it to the configured htpassword
|
||||
include_once("../functions/functions.htpasswd.php");
|
||||
$htp = New Htpasswd(HTPASSWD_PATH);
|
||||
$htg = New Htgroup(HTGROUP_PATH);
|
||||
|
||||
$htp->addUser($_POST['operator'],$_POST['password']);
|
||||
$htg->addUserToGroup($_POST['operator'],HTGROUP_INTERVIEWER);
|
||||
|
||||
if ($supervisor)
|
||||
$htg->addUserGroup(HTGROUP_ADMIN);
|
||||
}
|
||||
|
||||
$a = "<div class='alert alert-info'><h3>" . T_("Added operator :") . " " . $operator . "</h3>";
|
||||
|
||||
if (FREEPBX_PATH !== false)
|
||||
@@ -188,7 +186,7 @@ if ($a) {
|
||||
else {
|
||||
echo "<div class='well'>";
|
||||
//echo "<p>" . T_("Adding an operator here will give the user the ability to call cases") . "<a href='operatorquestionnaire.php'>" . T_("Assign Operator to Questionnaire") . "</a>" . T_("tool") . ".</p>";
|
||||
echo "<p>" . T_("Use this form to enter the username of a user based on your directory security system. For example, if you have secured the base directory of queXS using Apache file based security, enter the usernames of the users here.") . "</p>";
|
||||
//echo "<p>" . T_("Use this form to enter the username of a user based on your directory security system. For example, if you have secured the base directory of queXS using Apache file based security, enter the usernames of the users here.") . "</p>";
|
||||
echo "<p>" . T_("The username and extension must be unique for each operator.") . "</p>";
|
||||
echo "</div>";
|
||||
}
|
||||
@@ -247,16 +245,14 @@ function generate() {
|
||||
<label class="col-sm-3 control-label"><?php echo T_("Username") . ": ";?></label>
|
||||
<div class="col-sm-3"><input name="operator" type="text" class="form-control" required /></div>
|
||||
</div>
|
||||
<?php if (HTPASSWD_PATH !== false && HTGROUP_PATH !== false) { ?>
|
||||
<div class="form-group">
|
||||
<label class="col-sm-3 control-label"><?php echo T_("Password") . ": ";?></label>
|
||||
<div class="col-sm-3"><input name="password" id="password" type="text" class="form-control" required pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}" /></div>
|
||||
<div class="col-sm-3"><input name="password" id="password" type="text" class="form-control" required /></div>
|
||||
<div class="col-sm-6 form-inline"> 
|
||||
<input type="button" onclick="generate();" value="<?php echo T_("Generate");?>" class="btn btn-default fa" /> <?php echo T_("Password with");?> 
|
||||
<input type="number" name="number" value="25" min="8" max="50" style="width:5em;" class="form-control" /> <?php echo T_("characters");?>
|
||||
</div>
|
||||
</div>
|
||||
<?php } ?>
|
||||
<div class="form-group">
|
||||
<label class="col-sm-3 control-label"><?php echo T_("First name") . ": ";?></label>
|
||||
<div class="col-sm-3"><input name="firstname" type="text" class="form-control" required/></div>
|
||||
@@ -265,6 +261,10 @@ function generate() {
|
||||
<label class="col-sm-3 control-label"><?php echo T_("Last name") . ": ";?></label>
|
||||
<div class="col-sm-3"><input name="lastname" type="text" class="form-control"/></div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-sm-3 control-label"><?php echo T_("Email") . ": ";?></label>
|
||||
<div class="col-sm-3"><input name="email" type="text" class="form-control"/></div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-sm-3 control-label"><?php echo T_("Timezone") . ": ";?></label>
|
||||
<div class="col-sm-3"><?php display_chooser($rs,"Time_zone_name","Time_zone_name",false,false,false,true,array("value",get_setting("DEFAULT_TIME_ZONE")),true,"form-inline");?></div>
|
||||
@@ -300,6 +300,10 @@ function generate() {
|
||||
<label class="col-sm-3 control-label"><?php echo T_("Uses chat") . "? ";?></label>
|
||||
<div class="col-sm-3"><input name="chat_enable" type="checkbox" data-toggle="toggle" data-on="<?php echo T_("Yes"); ?>" data-off="<?php echo T_("No"); ?>" /></div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-sm-3 control-label"><?php echo T_("Is the operator a system administrator?");?></label>
|
||||
<div class="col-sm-3"><input name="admin" type="checkbox" data-toggle="toggle" data-on="<?php echo T_("Yes"); ?>" data-off="<?php echo T_("No"); ?>" data-offstyle="primary" data-onstyle="danger"/></div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-sm-3 control-label"><?php echo T_("Is the operator a normal interviewer?");?></label>
|
||||
<div class="col-sm-3"><input name="temporary" type="checkbox" data-toggle="toggle" data-on="<?php echo T_("Yes"); ?>" data-off="<?php echo T_("No"); ?>" data-offstyle="danger" checked="checked"/></div>
|
||||
|
||||
Reference in New Issue
Block a user