forked from osTicket/osTicket
-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathaccount.php
138 lines (124 loc) · 5.31 KB
/
account.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
<?php
/*********************************************************************
profile.php
Manage client profile. This will allow a logged-in user to manage
his/her own public (non-internal) information
Peter Rotich <[email protected]>
Jared Hancock <[email protected]>
Copyright (c) 2006-2013 osTicket
http://www.osticket.com
Released under the GNU General Public License WITHOUT ANY WARRANTY.
See LICENSE.TXT for details.
vim: expandtab sw=4 ts=4 sts=4:
$Id: $
**********************************************************************/
require 'client.inc.php';
$inc = 'register.inc.php';
$errors = array();
if (!$cfg || !$cfg->isClientRegistrationEnabled()) {
Http::redirect('index.php');
}
elseif ($thisclient) {
// Guest registering for an account
if ($thisclient->isGuest()) {
foreach ($thisclient->getForms() as $f) {
if ($f->get('object_type') == 'U') {
$user_form = $f;
$user_form->getField('email')->configure('disabled', true);
}
}
}
// Existing client (with an account) updating profile
else {
$user = User::lookup($thisclient->getId());
$content = Page::lookupByType('registration-thanks');
$inc = isset($_GET['confirmed'])
? 'register.confirmed.inc.php' : 'profile.inc.php';
}
}
if ($user && $_POST) {
if ($acct = $thisclient->getAccount()) {
$acct->update($_POST, $errors);
}
if (!$errors && $user->updateInfo($_POST, $errors))
Http::redirect('tickets.php');
}
elseif ($_POST) {
$user_form = UserForm::getUserForm()->getForm($_POST);
if ($thisclient) {
$user_form->getField('email')->configure('disabled', true);
$user_form->getField('email')->value = $thisclient->getEmail();
$_POST['email'] = $thisclient->getEmail();
}
if (!$user_form->isValid(function($f) { return $f->isVisibleToUsers(); }))
$errors['err'] = __('Incomplete client information');
elseif (!$_POST['backend'] && !$_POST['passwd1'])
$errors['passwd1'] = __('New password is required');
elseif (!$_POST['backend'] && $_POST['passwd2'] != $_POST['passwd1'])
$errors['passwd1'] = __('Passwords do not match');
else {
try {
UserAccount::checkPassword($_POST['passwd1']);
} catch (BadPassword $ex) {
$errors['passwd1'] = $ex->getMessage();
}
}
if ($errors)
$errors['err'] = $errors['err'] ?: __('Unable to register account. See messages below');
// XXX: The email will always be in use already if a guest is logged in
// and is registering for an account. Instead,
elseif (($addr = $user_form->getField('email')->getClean())
&& ClientAccount::lookupByUsername($addr)) {
$user_form->getField('email')->addError(
sprintf(__('Email already registered. Would you like to %1$s sign in %2$s?'),
'<a href="login.php?e='.urlencode($addr).'" style="color:inherit"><strong>',
'</strong></a>'));
$errors['err'] = __('Unable to register account. See messages below');
}
elseif (!$addr)
$errors['email'] = sprintf(__('%s is a required field'), $user_form->getField('email')->getLocal('label'));
elseif (!$user_form->getField('name')->getClean())
$errors['name'] = sprintf(__('%s is a required field'), $user_form->getField('name')->getLocal('label'));
// Registration for existing users
elseif ($addr && ($user = User::lookupByEmail($addr)) && !$user->updateInfo($_POST, $errors))
$errors['err'] = __('Unable to register account. See messages below');
// Users created from ClientCreateRequest
elseif (isset($_POST['backend']) && !($user = User::fromVars($user_form->getClean())))
$errors['err'] = __('Unable to create local account. See messages below');
// New users and users registering from a ticket access link
elseif (!$user && !($user = $thisclient ?: User::fromForm($user_form)))
$errors['err'] = __('Unable to register account. See messages below');
else {
if (!($acct = ClientAccount::createForUser($user)))
$errors['err'] = __('Unable to create new account.')
.' '.__('Internal error occurred');
elseif (!$acct->update($_POST, $errors))
$errors['err'] = __('Errors configuring your profile. See messages below');
}
if (!$errors) {
switch ($_POST['do']) {
case 'create':
$content = Page::lookupByType('registration-confirm');
$inc = 'register.confirm.inc.php';
$acct->sendConfirmEmail();
break;
case 'import':
if ($bk = UserAuthenticationBackend::getBackend($_POST['backend'])) {
$cl = new ClientSession(new EndUser($user));
if (!$bk->supportsInteractiveAuthentication())
$acct->set('backend', null);
$acct->confirm();
if ($user = $bk->login($cl, $bk))
Http::redirect('tickets.php');
}
break;
}
// Rotate CSRF on successful POST
$ost->getCSRF()->rotate();
}
if ($errors && $user && $user != $thisclient)
$user->delete();
}
include(CLIENTINC_DIR.'header.inc.php');
include(CLIENTINC_DIR.$inc);
include(CLIENTINC_DIR.'footer.inc.php');