2 if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');
3 /*********************************************************************************
4 * SugarCRM Community Edition is a customer relationship management program developed by
5 * SugarCRM, Inc. Copyright (C) 2004-2012 SugarCRM Inc.
7 * This program is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU Affero General Public License version 3 as published by the
9 * Free Software Foundation with the addition of the following permission added
10 * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
11 * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
12 * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
14 * This program is distributed in the hope that it will be useful, but WITHOUT
15 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
16 * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
19 * You should have received a copy of the GNU Affero General Public License along with
20 * this program; if not, see http://www.gnu.org/licenses or write to the Free
21 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
24 * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
25 * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
27 * The interactive user interfaces in modified source and object code versions
28 * of this program must display Appropriate Legal Notices, as required under
29 * Section 5 of the GNU Affero General Public License version 3.
31 * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
32 * these Appropriate Legal Notices must retain the display of the "Powered by
33 * SugarCRM" logo. If the display of the logo is not reasonably feasible for
34 * technical reasons, the Appropriate Legal Notices must display the words
35 * "Powered by SugarCRM".
36 ********************************************************************************/
38 /*********************************************************************************
40 * Description: TODO: To be written.
41 * Portions created by SugarCRM are Copyright (C) SugarCRM, Inc.
42 * All Rights Reserved.
43 * Contributor(s): ______________________________________..
44 ********************************************************************************/
46 require_once('include/SugarFields/SugarFieldHandler.php');
47 require_once('modules/MySettings/TabController.php');
49 $display_tabs_def = isset($_REQUEST['display_tabs_def']) ? urldecode($_REQUEST['display_tabs_def']) : '';
50 $hide_tabs_def = isset($_REQUEST['hide_tabs_def']) ? urldecode($_REQUEST['hide_tabs_def']): '';
51 $remove_tabs_def = isset($_REQUEST['remove_tabs_def']) ? urldecode($_REQUEST['remove_tabs_def']): '';
53 $DISPLAY_ARR = array();
55 $REMOVE_ARR = array();
57 parse_str($display_tabs_def,$DISPLAY_ARR);
58 parse_str($hide_tabs_def,$HIDE_ARR);
59 parse_str($remove_tabs_def,$REMOVE_ARR);
63 if (isset($_POST['id']))
64 sugar_die("Unauthorized access to administration.");
65 if (isset($_POST['record']) && !is_admin($current_user)
66 && !$GLOBALS['current_user']->isAdminForModule('Users')
67 && $_POST['record'] != $current_user->id)
68 sugar_die("Unauthorized access to administration.");
69 elseif (!isset($_POST['record']) && !is_admin($current_user)
70 && !$GLOBALS['current_user']->isAdminForModule('Users'))
71 sugar_die ("Unauthorized access to user administration.");
73 $focus->retrieve($_POST['record']);
75 //update any ETag seeds that are tied to the user object changing
76 $focus->incrementETag("mainMenuETag");
78 // Flag to determine whether to save a new password or not.
79 // Bug 43241 - Changed $focus->id to $focus->user_name to make sure that a system generated password is made when converting employee to user
80 if(empty($focus->user_name))
83 clear_register_value('user_array',$focus->object_name);
89 if(!$current_user->is_admin && !$GLOBALS['current_user']->isAdminForModule('Users')
90 && $current_user->id != $focus->id) {
91 $GLOBALS['log']->fatal("SECURITY:Non-Admin ". $current_user->id . " attempted to change settings for user:". $focus->id);
92 header("Location: index.php?module=Users&action=Logout");
95 if(!$current_user->is_admin && !$GLOBALS['current_user']->isAdminForModule('Users')
96 && !empty($_POST['is_admin'])) {
97 $GLOBALS['log']->fatal("SECURITY:Non-Admin ". $current_user->id . " attempted to change is_admin settings for user:". $focus->id);
98 header("Location: index.php?module=Users&action=Logout");
103 // Populate the custom fields
104 $sfh = new SugarFieldHandler();
105 foreach ($focus->field_defs as $fieldName => $field)
107 if (isset($field['source']) && $field['source'] == 'custom_fields')
109 $type = !empty($field['custom_type']) ? $field['custom_type'] : $field['type'];
110 $sf = $sfh->getSugarField($type);
113 $sf->save($focus, $_POST, $fieldName, $field, '');
117 $GLOBALS['log']->fatal("Field '$fieldName' does not have a SugarField handler");
123 $portal=array("user_name","last_name","status","portal_only");
124 $group=array("user_name","last_name","status","is_group");
125 if(isset($_POST['portal_only']) && ($_POST['portal_only']=='1' || $focus->portal_only)){
126 foreach($portal as $field){
127 if(isset($_POST[$field]))
129 $value = $_POST[$field];
130 $focus->$field = $value;
136 if(isset($_POST['is_group']) && ($_POST['is_group']=='1' || $focus->is_group)){
137 foreach($group as $field){
138 if(isset($_POST[$field]))
140 $value = $_POST[$field];
141 $focus->$field = $value;
148 // copy the group or portal user name over. We renamed the field in order to ensure auto-complete would not change the value
149 if(isset($_POST['user_name']))
151 $focus->user_name = $_POST['user_name'];
154 // if the user saved is a Regular User
155 if(!$focus->is_group && !$focus->portal_only){
157 foreach ($focus->column_fields as $fieldName)
159 $field = $focus->field_defs[$fieldName];
160 $type = !empty($field['custom_type']) ? $field['custom_type'] : $field['type'];
161 $sf = $sfh->getSugarField($type);
164 $sf->save($focus, $_POST, $fieldName, $field, '');
168 $GLOBALS['log']->fatal("Field '$fieldName' does not have a SugarField handler");
171 foreach ($focus->additional_column_fields as $fieldName)
173 $field = $focus->field_defs[$fieldName];
174 $type = !empty($field['custom_type']) ? $field['custom_type'] : $field['type'];
175 $sf = $sfh->getSugarField($type);
178 $sf->save($focus, $_POST, $fieldName, $field, '');
182 $GLOBALS['log']->fatal("Field '$fieldName' does not have a SugarField handler");
187 $focus->portal_only=0;
189 if(isset($_POST['status']) && $_POST['status']== "Inactive") $focus->employee_status = "Terminated"; //bug49972
191 if(isset($_POST['user_name']))
193 $focus->user_name = $_POST['user_name'];
195 if((isset($_POST['is_admin']) && ($_POST['is_admin'] == 'on' || $_POST['is_admin'] == '1')) ||
196 (isset($_POST['UserType']) && $_POST['UserType'] == "Administrator")) $focus->is_admin = 1;
197 elseif(isset($_POST['is_admin']) && empty($_POST['is_admin'])) $focus->is_admin = 0;
198 //if(empty($_POST['portal_only']) || !empty($_POST['is_admin'])) $focus->portal_only = 0;
199 //if(empty($_POST['is_group']) || !empty($_POST['is_admin'])) $focus->is_group = 0;
200 if(empty($_POST['receive_notifications'])) $focus->receive_notifications = 0;
202 if(isset($_POST['mailmerge_on']) && !empty($_POST['mailmerge_on'])) {
203 $focus->setPreference('mailmerge_on','on', 0, 'global');
205 $focus->setPreference('mailmerge_on','off', 0, 'global');
208 if(isset($_POST['user_swap_last_viewed']))
210 $focus->setPreference('swap_last_viewed', $_POST['user_swap_last_viewed'], 0, 'global');
214 $focus->setPreference('swap_last_viewed', '', 0, 'global');
217 if(isset($_POST['user_swap_shortcuts']))
219 $focus->setPreference('swap_shortcuts', $_POST['user_swap_shortcuts'], 0, 'global');
223 $focus->setPreference('swap_shortcuts', '', 0, 'global');
226 if(isset($_POST['use_group_tabs']))
228 $focus->setPreference('navigation_paradigm', $_POST['use_group_tabs'], 0, 'global');
232 $focus->setPreference('navigation_paradigm', 'gm', 0, 'global');
235 if(isset($_POST['user_subpanel_tabs']))
237 $focus->setPreference('subpanel_tabs', $_POST['user_subpanel_tabs'], 0, 'global');
241 $focus->setPreference('subpanel_tabs', '', 0, 'global');
244 if(isset($_POST['user_theme']))
246 $focus->setPreference('user_theme', $_POST['user_theme'], 0, 'global');
247 $_SESSION['authenticated_user_theme'] = $_POST['user_theme'];
250 if(isset($_POST['user_module_favicon']))
252 $focus->setPreference('module_favicon', $_POST['user_module_favicon'], 0, 'global');
256 $focus->setPreference('module_favicon', '', 0, 'global');
259 $tabs = new TabController();
260 if(isset($_POST['display_tabs']))
261 $tabs->set_user_tabs($DISPLAY_ARR['display_tabs'], $focus, 'display');
262 if(isset($HIDE_ARR['hide_tabs'])){
263 $tabs->set_user_tabs($HIDE_ARR['hide_tabs'], $focus, 'hide');
266 $tabs->set_user_tabs(array(), $focus, 'hide');
268 if(is_admin($current_user)){
269 if(isset($REMOVE_ARR['remove_tabs'])){
270 $tabs->set_user_tabs($REMOVE_ARR['remove_tabs'], $focus, 'remove');
272 $tabs->set_user_tabs(array(), $focus, 'remove');
276 if(isset($_POST['no_opps'])) {
277 $focus->setPreference('no_opps',$_POST['no_opps'], 0, 'global');
280 $focus->setPreference('no_opps','off', 0, 'global');
283 if(isset($_POST['reminder_checked']) && $_POST['reminder_checked'] == '1' && isset($_POST['reminder_checked'])){
284 $focus->setPreference('reminder_time', $_POST['reminder_time'], 0, 'global');
286 // cn: bug 5522, need to unset reminder time if unchecked.
287 $focus->setPreference('reminder_time', -1, 0, 'global');
290 if(isset($_POST['email_reminder_checked']) && $_POST['email_reminder_checked'] == '1' && isset($_POST['email_reminder_checked'])){
291 $focus->setPreference('email_reminder_time', $_POST['email_reminder_time'], 0, 'global');
293 $focus->setPreference('email_reminder_time', -1, 0, 'global');
295 if(isset($_POST['timezone'])) $focus->setPreference('timezone',$_POST['timezone'], 0, 'global');
296 if(isset($_POST['ut'])) $focus->setPreference('ut', '0', 0, 'global');
297 else $focus->setPreference('ut', '1', 0, 'global');
298 if(isset($_POST['currency'])) $focus->setPreference('currency',$_POST['currency'], 0, 'global');
299 if(isset($_POST['default_currency_significant_digits'])) $focus->setPreference('default_currency_significant_digits',$_POST['default_currency_significant_digits'], 0, 'global');
300 if(isset($_POST['num_grp_sep'])) $focus->setPreference('num_grp_sep', $_POST['num_grp_sep'], 0, 'global');
301 if(isset($_POST['dec_sep'])) $focus->setPreference('dec_sep', $_POST['dec_sep'], 0, 'global');
302 if(isset($_POST['fdow'])) $focus->setPreference('fdow', $_POST['fdow'], 0, 'global');
303 if(isset($_POST['dateformat'])) $focus->setPreference('datef',$_POST['dateformat'], 0, 'global');
304 if(isset($_POST['timeformat'])) $focus->setPreference('timef',$_POST['timeformat'], 0, 'global');
305 if(isset($_POST['timezone'])) $focus->setPreference('timezone',$_POST['timezone'], 0, 'global');
306 if(isset($_POST['mail_fromname'])) $focus->setPreference('mail_fromname',$_POST['mail_fromname'], 0, 'global');
307 if(isset($_POST['mail_fromaddress'])) $focus->setPreference('mail_fromaddress',$_POST['mail_fromaddress'], 0, 'global');
308 if(isset($_POST['mail_sendtype'])) $focus->setPreference('mail_sendtype', $_POST['mail_sendtype'], 0, 'global');
309 if(isset($_POST['mail_smtpserver'])) $focus->setPreference('mail_smtpserver',$_POST['mail_smtpserver'], 0, 'global');
310 if(isset($_POST['mail_smtpport'])) $focus->setPreference('mail_smtpport',$_POST['mail_smtpport'], 0, 'global');
311 if(isset($_POST['mail_smtpuser'])) $focus->setPreference('mail_smtpuser',$_POST['mail_smtpuser'], 0, 'global');
312 if(isset($_POST['mail_smtppass'])) $focus->setPreference('mail_smtppass',$_POST['mail_smtppass'], 0, 'global');
313 if(isset($_POST['default_locale_name_format'])) $focus->setPreference('default_locale_name_format',$_POST['default_locale_name_format'], 0, 'global');
314 if(isset($_POST['export_delimiter'])) $focus->setPreference('export_delimiter', $_POST['export_delimiter'], 0, 'global');
315 if(isset($_POST['default_export_charset'])) $focus->setPreference('default_export_charset', $_POST['default_export_charset'], 0, 'global');
316 if(isset($_POST['use_real_names'])) {
317 $focus->setPreference('use_real_names', 'on', 0, 'global');
318 } elseif(!isset($_POST['use_real_names']) && !isset($_POST['from_dcmenu'])) {
319 // Make sure we're on the full form and not the QuickCreate.
320 $focus->setPreference('use_real_names', 'off', 0, 'global');
323 if(isset($_POST['mail_smtpauth_req'])) {
324 $focus->setPreference('mail_smtpauth_req',$_POST['mail_smtpauth_req'] , 0, 'global');
326 $focus->setPreference('mail_smtpauth_req','', 0, 'global');
329 // SSL-enabled SMTP connection
330 if(isset($_POST['mail_smtpssl'])) {
331 $focus->setPreference('mail_smtpssl', 1, 0, 'global');
333 $focus->setPreference('mail_smtpssl', 0, 0, 'global');
335 ///////////////////////////////////////////////////////////////////////////
337 foreach($_POST as $k=>$v){
338 if(strpos($k,"sugarpdf_pdf") !== false){
339 $focus->setPreference($k, $v, 0, 'global');
343 ///////////////////////////////////////////////////////////////////////////
345 ///////////////////////////////////////////////////////////////////////////
347 if(isset($_POST['signature_id']))
348 $focus->setPreference('signature_default', $_POST['signature_id'], 0, 'global');
350 if(isset($_POST['signature_prepend'])) $focus->setPreference('signature_prepend',$_POST['signature_prepend'], 0, 'global');
352 ///////////////////////////////////////////////////////////////////////////
355 if(isset($_POST['email_link_type'])) $focus->setPreference('email_link_type', $_REQUEST['email_link_type']);
356 if(isset($_REQUEST['email_show_counts'])) {
357 $focus->setPreference('email_show_counts', $_REQUEST['email_show_counts'], 0, 'global');
359 $focus->setPreference('email_show_counts', 0, 0, 'global');
361 if(isset($_REQUEST['email_editor_option']))
362 $focus->setPreference('email_editor_option', $_REQUEST['email_editor_option'], 0, 'global');
363 if(isset($_REQUEST['default_email_charset']))
364 $focus->setPreference('default_email_charset', $_REQUEST['default_email_charset'], 0, 'global');
366 if(isset($_POST['calendar_publish_key'])) $focus->setPreference('calendar_publish_key',$_POST['calendar_publish_key'], 0, 'global');
369 if (!$focus->verify_data())
371 header("Location: index.php?action=Error&module=Users&error_string=".urlencode($focus->error_string));
375 { $GLOBALS['sugar_config']['disable_team_access_check'] = true;
377 $GLOBALS['sugar_config']['disable_team_access_check'] = false;
378 $return_id = $focus->id;
383 if((isset($_POST['old_password']) || $focus->portal_only) &&
384 (isset($_POST['new_password']) && !empty($_POST['new_password'])) &&
385 (isset($_POST['password_change']) && $_POST['password_change'] == 'true') ) {
386 if (!$focus->change_password($_POST['old_password'], $_POST['new_password'])) {
387 if((isset($_POST['page']) && $_POST['page'] == 'EditView')){
388 header("Location: index.php?action=EditView&module=Users&record=".$_POST['record']."&error_password=".urlencode($focus->error_string));
391 if((isset($_POST['page']) && $_POST['page'] == 'Change')){
392 header("Location: index.php?action=ChangePassword&module=Users&record=".$_POST['record']."&error_password=".urlencode($focus->error_string));
404 ///////////////////////////////////////////////////////////////////////////
405 //// OUTBOUND EMAIL SAVES
406 ///////////////////////////////////////////////////////////////////////////
408 $sysOutboundAccunt = new OutboundEmail();
410 //If a user is not alloweed to use the default system outbound account then they will be
411 //saving their own username/password for the system account
412 if( ! $sysOutboundAccunt->isAllowUserAccessToSystemDefaultOutbound() )
414 $userOverrideOE = $sysOutboundAccunt->getUsersMailerForSystemOverride($focus->id);
415 if($userOverrideOE != null)
417 //User is alloweed to clear username and pass so no need to check for blanks.
418 $userOverrideOE->mail_smtpuser = $_REQUEST['mail_smtpuser'];
419 $userOverrideOE->mail_smtppass = $_REQUEST['mail_smtppass'];
420 $userOverrideOE->save();
424 //If a user name and password for the mail account is set, create the users override account.
425 if( ! (empty($_REQUEST['mail_smtpuser']) || empty($_REQUEST['mail_smtppass'])) )
426 $sysOutboundAccunt->createUserSystemOverrideAccount($focus->id,$_REQUEST['mail_smtpuser'],$_REQUEST['mail_smtppass'] );
431 ///////////////////////////////////////////////////////////////////////////
432 //// INBOUND EMAIL SAVES
433 if(isset($_REQUEST['server_url']) && !empty($_REQUEST['server_url'])) {
435 $ie = new InboundEmail();
436 if(false === $ie->savePersonalEmailAccount($return_id, $focus->user_name)) {
437 header("Location: index.php?action=Error&module=Users&error_string=&ie_error=true&id=".$return_id);
438 die(); // die here, else the header redirect below takes over.
440 } elseif(isset($_REQUEST['ie_id']) && !empty($_REQUEST['ie_id']) && empty($_REQUEST['server_url'])) {
441 // user is deleting their I-E
443 $ie = new InboundEmail();
444 $ie->deletePersonalEmailAccount($_REQUEST['ie_id'], $focus->user_name);
446 //// END INBOUND EMAIL SAVES
447 ///////////////////////////////////////////////////////////////////////////
448 if(($newUser) && !($focus->is_group) && !($focus->portal_only) && isset($sugar_config['passwordsetting']['SystemGeneratedPasswordON']) && $sugar_config['passwordsetting']['SystemGeneratedPasswordON']){
450 require_once('modules/Users/GeneratePassword.php');
456 //handle navigation from user wizard
457 if(isset($_REQUEST['whatnext'])){
458 if($_REQUEST['whatnext']== 'import'){
459 header("Location:index.php?module=Import&action=step1&import_module=Administration");
461 }elseif($_REQUEST['whatnext']== 'users'){
462 header("Location:index.php?module=Users&action=index");
464 }elseif($_REQUEST['whatnext']== 'settings'){
465 header("Location:index.php?module=Configurator&action=EditView");
467 }elseif($_REQUEST['whatnext']== 'studio'){
468 header("Location:index.php?module=ModuleBuilder&action=index&type=studio");
471 //do nothing, let the navigation continue as normal using code below
476 if(isset($_REQUEST['return_module']) && $_REQUEST['return_module'] != "") $return_module = $_REQUEST['return_module'];
477 else $return_module = "Users";
478 if(isset($_REQUEST['return_action']) && $_REQUEST['return_action'] != "") $return_action = $_REQUEST['return_action'];
479 else $return_action = "DetailView";
480 if(isset($_REQUEST['return_id']) && $_REQUEST['return_id'] != "") $return_id = $_REQUEST['return_id'];
482 $GLOBALS['log']->debug("Saved record with id of ".$return_id);
484 $redirect = "index.php?action={$return_action}&module={$return_module}&record={$return_id}";
485 $redirect .= isset($_REQUEST['type']) ? "&type={$_REQUEST['type']}" : ''; // cn: bug 6897 - detect redirect to Email compose
486 $redirect .= isset($_REQUEST['return_id']) ? "&return_id={$_REQUEST['return_id']}" : '';
487 $redirect .= ($new_pwd!='') ? "&pwd_set=".$new_pwd : '';
488 header("Location: {$redirect}");