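. * * For more information, contact Colosa Inc, 2566 Le Jeune Rd., * Coral Gables, FL, 33134, USA, or email info@colosa.com. */

// Create or update a user from the posted "form" array.
//
// Flow:
//   1. Reject callers for whom $RBAC->userCanAccess('PM_FACTORY') returns -2 or -1.
//   2. Read $_POST['form'], take USR_UID from the query string (empty => create).
//   3. Create branch: create the RBAC user, then the Users row, then store uploads.
//      Update branch: apply the password policy/history, update RBAC and Users,
//      then validate and store uploads.
//   4. Refresh the session display name, save the calendar assignment, redirect
//      to users_List. Any Exception is rendered through login/showMessage.
//
// NOTE(review): no anti-CSRF token is checked in this script; confirm that the
// framework enforces one before this handler runs.
// NOTE(review): the gate uses the PM_FACTORY permission and only the return
// values -2 and -1 are rejected; confirm both are intended for user management.
try {
    global $RBAC;

    switch ($RBAC->userCanAccess( 'PM_FACTORY' )) {
        case -2:
            G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_SYSTEM', 'error', 'labels' );
            G::header( 'location: ../login/login' );
            die();
            break;
        case -1:
            G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_PAGE', 'error', 'labels' );
            G::header( 'location: ../login/login' );
            die();
            break;
    }

    if (empty( $_POST ) || ! isset( $_POST['form'] )) {
        if (empty( $_FILES )) {
            throw (new Exception( G::loadTranslation( 'ID_ERROR_UPLOADING_FILENAME' ) ));
        } else {
            throw (new Exception( G::loadTranslation( 'ID_POSTED_DATA_EMPTY' ) ));
        }
    }

    $form = $_POST['form'];

    if (isset( $_GET['USR_UID'] )) {
        $form['USR_UID'] = $_GET['USR_UID'];
    } else {
        $form['USR_UID'] = '';
    }

    // USR_UID is request-supplied and is concatenated into upload paths below
    // (PATH_IMAGES_ENVIRONMENT_USERS . UID . ext and PATH_IMAGES_ENVIRONMENT_FILES . UID . '/').
    // Refuse anything that is not a plain string or that carries a path separator
    // or a parent-directory sequence, so it cannot steer where files are written.
    if (! is_string( $form['USR_UID'] ) || strpbrk( $form['USR_UID'], '/\\' ) !== false || strpos( $form['USR_UID'], '..' ) !== false) {
        throw (new Exception( 'Invalid user identifier' ));
    }

    if (isset( $_FILES['form']['name']['USR_RESUME'] )) {
        if ($_FILES['form']['tmp_name']['USR_RESUME'] != '') {
            $form['USR_RESUME'] = $_FILES['form']['name']['USR_RESUME'];
        } else {
            $form['USR_RESUME'] = '';
        }
    }

    if (! isset( $form['USR_NEW_PASS'] )) {
        $form['USR_NEW_PASS'] = '';
    }

    // A new plaintext password replaces whatever USR_PASSWORD was posted.
    // NOTE(review): when USR_NEW_PASS is empty, a posted USR_PASSWORD is used
    // as-is further down (stored without hashing here) - confirm this is intended.
    if ($form['USR_NEW_PASS'] != '') {
        $form['USR_PASSWORD'] = Bootstrap::hashPassword( $form['USR_NEW_PASS'] );
    }

    if (! isset( $form['USR_CITY'] )) {
        $form['USR_CITY'] = '';
    }

    if (! isset( $form['USR_LOCATION'] )) {
        $form['USR_LOCATION'] = '';
    }

    if (! isset( $form['USR_AUTH_USER_DN'] )) {
        $form['USR_AUTH_USER_DN'] = '';
    }

    if ($form['USR_UID'] == '') {
        // ---- Create a new user ----
        $aData['USR_USERNAME'] = $form['USR_USERNAME'];
        $aData['USR_PASSWORD'] = $form['USR_PASSWORD'];
        $aData['USR_FIRSTNAME'] = $form['USR_FIRSTNAME'];
        $aData['USR_LASTNAME'] = $form['USR_LASTNAME'];
        $aData['USR_EMAIL'] = $form['USR_EMAIL'];
        $aData['USR_DUE_DATE'] = $form['USR_DUE_DATE'];
        $aData['USR_CREATE_DATE'] = date( 'Y-m-d H:i:s' );
        $aData['USR_UPDATE_DATE'] = date( 'Y-m-d H:i:s' );
        $aData['USR_BIRTHDAY'] = date( 'Y-m-d' );
        $aData['USR_AUTH_USER_DN'] = $form['USR_AUTH_USER_DN'];

        // Fix for users being created inactive: RBAC gets a numeric status
        // (1 = ACTIVE, 0 = anything else) while the Users row keeps the posted string.
        $statusWF = $form['USR_STATUS'];
        $aData['USR_STATUS'] = $form['USR_STATUS'] == 'ACTIVE' ? 1 : 0;
        $sUserUID = $RBAC->createUser( $aData, $form['USR_ROLE'] );
        $aData['USR_STATUS'] = $statusWF;
        $aData['USR_UID'] = $sUserUID;

        // The Users row does not receive the real password hash: a placeholder
        // derived from the new UID is stored instead.
        // NOTE(review): the placeholder is computable from the UID - confirm that
        // nothing authenticates against this column.
        $aData['USR_PASSWORD'] = G::encryptOld( $sUserUID );
        $aData['USR_COUNTRY'] = $form['USR_COUNTRY'];
        $aData['USR_CITY'] = $form['USR_CITY'];
        $aData['USR_LOCATION'] = $form['USR_LOCATION'];
        $aData['USR_ADDRESS'] = $form['USR_ADDRESS'];
        $aData['USR_PHONE'] = $form['USR_PHONE'];
        $aData['USR_ZIP_CODE'] = $form['USR_ZIP_CODE'];
        $aData['USR_POSITION'] = $form['USR_POSITION'];
        // Commented by removal of resume in the addition and modification of user.
        // $aData['USR_RESUME'] = $form['USR_RESUME'];
        $aData['USR_ROLE'] = $form['USR_ROLE'];
        $aData['USR_REPLACED_BY'] = $form['USR_REPLACED_BY'];

        require_once 'classes/model/Users.php';
        $oUser = new Users();
        $oUser->create( $aData );

        // Error code 1 is the only upload error reported to the user here.
        // The photo is stored under a fixed "<UID>.gif" name; unlike the update
        // branch, no extension allowlist or resize is applied on creation.
        if ($_FILES['form']['error']['USR_PHOTO'] != 1) {
            if ($_FILES['form']['tmp_name']['USR_PHOTO'] != '') {
                G::uploadFile( $_FILES['form']['tmp_name']['USR_PHOTO'], PATH_IMAGES_ENVIRONMENT_USERS, $sUserUID . '.gif' );
            }
        } else {
            G::SendTemporalMessage( 'ID_FILE_TOO_BIG', 'error' );
        }

        // NOTE(review): the resume is stored under the client-supplied file name
        // and its type is not restricted; confirm that the target directory is
        // neither web-served nor executable, or add a type allowlist.
        if ($_FILES['form']['error']['USR_RESUME'] != 1) {
            if ($_FILES['form']['tmp_name']['USR_RESUME'] != '') {
                G::uploadFile( $_FILES['form']['tmp_name']['USR_RESUME'], PATH_IMAGES_ENVIRONMENT_FILES . $sUserUID . '/', $_FILES['form']['name']['USR_RESUME'] );
            }
        } else {
            G::SendTemporalMessage( 'ID_FILE_TOO_BIG', 'error' );
        }
    } else {
        // ---- Update an existing user ----
        $aData['USR_UID'] = $form['USR_UID'];
        $aData['USR_USERNAME'] = $form['USR_USERNAME'];

        if (isset( $form['USR_PASSWORD'] )) {
            if ($form['USR_PASSWORD'] != '') {
                $aData['USR_PASSWORD'] = $form['USR_PASSWORD'];

                require_once 'classes/model/UsersProperties.php';
                $oUserProperty = new UsersProperties();
                $aUserProperty = $oUserProperty->loadOrCreateIfNotExists( $form['USR_UID'], array ('USR_PASSWORD_HISTORY' => serialize( array (G::encryptOld( $form['USR_PASSWORD'] ) ) ) ) );

                // When the logged-in user has the PROCESSMAKER_ADMIN role, the
                // properties are stamped and saved before the policy check runs.
                $RBAC->loadUserRolePermission( 'PROCESSMAKER', $_SESSION['USER_LOGGED'] );
                if ($RBAC->aUserInfo['PROCESSMAKER']['ROLE']['ROL_CODE'] == 'PROCESSMAKER_ADMIN') {
                    $aUserProperty['USR_LAST_UPDATE_DATE'] = date( 'Y-m-d H:i:s' );
                    $aUserProperty['USR_LOGGED_NEXT_TIME'] = 1;
                    $oUserProperty->update( $aUserProperty );
                }

                // The policy is evaluated on the plaintext USR_NEW_PASS, not on the hash.
                $aErrors = $oUserProperty->validatePassword( $form['USR_NEW_PASS'], $aUserProperty['USR_LAST_UPDATE_DATE'], 0 );
                if (count( $aErrors ) > 0) {
                    $sDescription = G::LoadTranslation( 'ID_POLICY_ALERT' ) . ":\n\n";
                    foreach ($aErrors as $sError) {
                        switch ($sError) {
                            case 'ID_PPP_MINIMUN_LENGTH':
                                $sDescription .= ' - ' . G::LoadTranslation( $sError ) . ': ' . PPP_MINIMUN_LENGTH . "\n";
                                break;
                            case 'ID_PPP_MAXIMUN_LENGTH':
                                $sDescription .= ' - ' . G::LoadTranslation( $sError ) . ': ' . PPP_MAXIMUN_LENGTH . "\n";
                                break;
                            case 'ID_PPP_EXPIRATION_IN':
                                $sDescription .= ' - ' . G::LoadTranslation( $sError ) . ' ' . PPP_EXPIRATION_IN . ' ' . G::LoadTranslation( 'ID_DAYS' ) . "\n";
                                break;
                            default:
                                $sDescription .= ' - ' . G::LoadTranslation( $sError ) . "\n";
                                break;
                        }
                    }
                    $sDescription .= "\n" . G::LoadTranslation( 'ID_PLEASE_CHANGE_PASSWORD_POLICY' );
                    G::SendMessageText( $sDescription, 'warning' );
                    // NOTE(review): the redirect target is the request's Referer header,
                    // which is client-supplied and may be absent; a fixed in-app path
                    // would be safer.
                    G::header( 'Location: ' . $_SERVER['HTTP_REFERER'] );
                    die();
                }

                // NOTE(review): unserialize() runs on a stored property value; keep
                // that column writable only by this code path, or move the history
                // to a format that cannot instantiate objects (e.g. JSON).
                $aHistory = unserialize( $aUserProperty['USR_PASSWORD_HISTORY'] );
                if (! is_array( $aHistory )) {
                    $aHistory = array ();
                }

                if (! defined( 'PPP_PASSWORD_HISTORY' )) {
                    define( 'PPP_PASSWORD_HISTORY', 0 );
                }

                if (PPP_PASSWORD_HISTORY > 0) {
                    // Look for the submitted password value among the stored history entries.
                    // NOTE(review): entries are compared as strings against
                    // $form['USR_PASSWORD']; if Bootstrap::hashPassword() is salted,
                    // a reused password would never match - confirm.
                    $c = 0;
                    $sw = 1;
                    while (count( $aHistory ) >= 1 && count( $aHistory ) > $c && $sw) {
                        if (strcmp( trim( $aHistory[$c] ), trim( $form['USR_PASSWORD'] ) ) == 0) {
                            $sw = 0;
                        }
                        $c ++;
                    }

                    if ($sw == 0) {
                        $sDescription = G::LoadTranslation( 'ID_POLICY_ALERT' ) . ":\n\n";
                        $sDescription .= ' - ' . G::LoadTranslation( 'PASSWORD_HISTORY' ) . ': ' . PPP_PASSWORD_HISTORY . "\n";
                        $sDescription .= "\n" . G::LoadTranslation( 'ID_PLEASE_CHANGE_PASSWORD_POLICY' ) . '';
                        G::SendMessageText( $sDescription, 'warning' );
                        // Same Referer-based redirect as in the policy failure above.
                        G::header( 'Location: ' . $_SERVER['HTTP_REFERER'] );
                        die();
                    }

                    // Drop the oldest entry once the history is full, then append the new one.
                    if (count( $aHistory ) >= PPP_PASSWORD_HISTORY) {
                        $sLastPassw = array_shift( $aHistory );
                    }
                    $aHistory[] = $form['USR_PASSWORD'];
                }

                $aUserProperty['USR_LAST_UPDATE_DATE'] = date( 'Y-m-d H:i:s' );
                $aUserProperty['USR_LOGGED_NEXT_TIME'] = 1;
                $aUserProperty['USR_PASSWORD_HISTORY'] = serialize( $aHistory );
                $oUserProperty->update( $aUserProperty );
            }
        }

        $aData['USR_FIRSTNAME'] = $form['USR_FIRSTNAME'];
        $aData['USR_LASTNAME'] = $form['USR_LASTNAME'];
        $aData['USR_EMAIL'] = $form['USR_EMAIL'];
        $aData['USR_DUE_DATE'] = $form['USR_DUE_DATE'];
        $aData['USR_UPDATE_DATE'] = date( 'Y-m-d H:i:s' );

        if (isset( $form['USR_STATUS'] )) {
            $aData['USR_STATUS'] = $form['USR_STATUS'];
        }

        if (isset( $form['USR_ROLE'] )) {
            $RBAC->updateUser( $aData, $form['USR_ROLE'] );
        } else {
            $RBAC->updateUser( $aData );
        }

        $aData['USR_COUNTRY'] = $form['USR_COUNTRY'];
        $aData['USR_CITY'] = $form['USR_CITY'];
        $aData['USR_LOCATION'] = $form['USR_LOCATION'];
        $aData['USR_ADDRESS'] = $form['USR_ADDRESS'];
        $aData['USR_PHONE'] = $form['USR_PHONE'];
        $aData['USR_ZIP_CODE'] = $form['USR_ZIP_CODE'];
        $aData['USR_POSITION'] = $form['USR_POSITION'];

        // USR_RESUME may be absent when no resume field was submitted.
        if (isset( $form['USR_RESUME'] ) && $form['USR_RESUME'] != '') {
            $aData['USR_RESUME'] = $form['USR_RESUME'];
        }

        if (isset( $form['USR_ROLE'] )) {
            $aData['USR_ROLE'] = $form['USR_ROLE'];
        }

        if (isset( $form['USR_REPLACED_BY'] )) {
            $aData['USR_REPLACED_BY'] = $form['USR_REPLACED_BY'];
        }

        if (isset( $form['USR_AUTH_USER_DN'] )) {
            $aData['USR_AUTH_USER_DN'] = $form['USR_AUTH_USER_DN'];
        }

        require_once 'classes/model/Users.php';
        $oUser = new Users();
        $oUser->update( $aData );

        // Image extensions accepted for the user photo (compared in upper case).
        $aExtensions = array ("AIS","BMP","BW","CDR","CDT","CGM","CMX","CPT","DCX","DIB","EMF","GBR","GIF","GIH","ICO","IFF","ILBM","JFIF","JIF","JPE","JPEG","JPG","KDC","LBM","MAC","PAT","PCD","PCT","PCX","PIC","PICT","PNG","PNTG","PIX","PSD","PSP","QTI","QTIF","RGB","RGBA","RIF","RLE","SGI","TGA","TIF","TIFF","WMF","XCF" );

        $sPhotoFile = $_FILES['form']['name']['USR_PHOTO'];
        $aPhotoFile = explode( '.', $sPhotoFile );
        // The last dot-segment is the extension that gets validated AND the one
        // used for the stored file name. Previously the stored name used the
        // second dot-segment, so the extension on disk could differ from the one
        // that passed the allowlist.
        $sPhotoExt = $aPhotoFile[sizeof( $aPhotoFile ) - 1];
        $sExtension = strtoupper( $sPhotoExt );
        $bPhotoSent = (strlen( $sPhotoFile ) > 0) || ($_FILES['form']['tmp_name']['USR_PHOTO'] != '');

        // NOTE(review): this runs after the RBAC and Users updates above, so a
        // rejected photo still leaves the profile changes saved. The allowlist
        // checks the name only, not the file content.
        if ($bPhotoSent && (! in_array( $sExtension, $aExtensions, true ))) {
            throw (new Exception( G::LoadTranslation( 'ID_ERROR_UPLOADING_IMAGE_TYPE' ) ));
        }

        if ($_FILES['form']['error']['USR_PHOTO'] != 1) {
            if ($_FILES['form']['tmp_name']['USR_PHOTO'] != '') {
                // Store under "<UID>.<validated extension>", then produce the 96x96 "<UID>.gif".
                $sPhotoName = $aData['USR_UID'] . '.' . $sPhotoExt;
                G::uploadFile( $_FILES['form']['tmp_name']['USR_PHOTO'], PATH_IMAGES_ENVIRONMENT_USERS, $sPhotoName );
                G::resizeImage( PATH_IMAGES_ENVIRONMENT_USERS . $sPhotoName, 96, 96, PATH_IMAGES_ENVIRONMENT_USERS . $aData['USR_UID'] . '.gif' );
            }
        } else {
            G::SendTemporalMessage( 'ID_FILE_TOO_BIG', 'error' );
        }

        // NOTE(review): the resume is stored under the client-supplied file name
        // and its type is not restricted; confirm that the target directory is
        // neither web-served nor executable, or add a type allowlist.
        if ($_FILES['form']['error']['USR_RESUME'] != 1) {
            if ($_FILES['form']['tmp_name']['USR_RESUME'] != '') {
                G::uploadFile( $_FILES['form']['tmp_name']['USR_RESUME'], PATH_IMAGES_ENVIRONMENT_FILES . $aData['USR_UID'] . '/', $_FILES['form']['name']['USR_RESUME'] );
            }
        } else {
            G::SendTemporalMessage( 'ID_FILE_TOO_BIG', 'error' );
        }
    }

    if ($_SESSION['USER_LOGGED'] == $form['USR_UID']) {
        /* Updating session variables: the edited user is the logged-in one. */
        $aUser = $RBAC->userObj->load( $_SESSION['USER_LOGGED'] );
        $_SESSION['USR_FULLNAME'] = $aUser['USR_FIRSTNAME'] . ' ' . $aUser['USR_LASTNAME'];
    }

    // Save calendar assignment
    if ((isset( $form['USR_CALENDAR'] ))) {
        // Save calendar ID for this user
        G::LoadClass( "calendar" );
        $calendarObj = new Calendar();
        $calendarObj->assignCalendarTo( $aData['USR_UID'], $form['USR_CALENDAR'], 'USER' );
    }

    G::header( 'location: users_List' );
} catch (Exception $e) {
    // Any failure above is shown on a blank page through the login/showMessage form.
    $G_MAIN_MENU = 'processmaker';
    $G_SUB_MENU = 'users';
    $G_ID_MENU_SELECTED = 'USERS';
    $G_ID_SUB_MENU_SELECTED = '';

    $aMessage = array ();
    $aMessage['MESSAGE'] = $e->getMessage();
    $G_PUBLISH = new Publisher();
    $G_PUBLISH->AddContent( 'xmlform', 'xmlform', 'login/showMessage', '', $aMessage );
    G::RenderPage( 'publish', 'blank' );
}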