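<?php
if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');
/*********************************************************************************
 * SugarCRM Community Edition is a customer relationship management program developed by
 * SugarCRM, Inc. Copyright (C) 2004-2012 SugarCRM Inc.
 * 
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU Affero General Public License version 3 as published by the
 * Free Software Foundation with the addition of the following permission added
 * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
 * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
 * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
 * 
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
 * details.
 * 
 * You should have received a copy of the GNU Affero General Public License along with
 * this program; if not, see http://www.gnu.org/licenses or write to the Free
 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301 USA.
 * 
 * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
 * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
 * 
 * The interactive user interfaces in modified source and object code versions
 * of this program must display Appropriate Legal Notices, as required under
 * Section 5 of the GNU Affero General Public License version 3.
 * 
 * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
 * these Appropriate Legal Notices must retain the display of the "Powered by
 * SugarCRM" logo. If the display of the logo is not reasonably feasible for
 * technical reasons, the Appropriate Legal Notices must display the words
 * "Powered by SugarCRM".
 ********************************************************************************/

/*********************************************************************************

 * Description:  Save action of the Users module. Authorises the POSTed edit
 *               form against the current user, copies the form fields and the
 *               per-user preferences onto the User bean, saves it, applies a
 *               password change and the outbound/inbound e-mail settings, and
 *               finally redirects to the requested return view.
 * Portions created by SugarCRM are Copyright (C) SugarCRM, Inc.
 * All Rights Reserved.
 * Contributor(s): ______________________________________..
 ********************************************************************************/

require_once('include/SugarFields/SugarFieldHandler.php');
require_once('modules/MySettings/TabController.php');

// The tab layout chosen in the form arrives as url-encoded query strings that
// are decoded into arrays below.
$display_tabs_def = isset($_REQUEST['display_tabs_def']) ? urldecode($_REQUEST['display_tabs_def']) : '';
$hide_tabs_def = isset($_REQUEST['hide_tabs_def']) ? urldecode($_REQUEST['hide_tabs_def']) : '';
$remove_tabs_def = isset($_REQUEST['remove_tabs_def']) ? urldecode($_REQUEST['remove_tabs_def']) : '';

$DISPLAY_ARR = array();
$HIDE_ARR = array();
$REMOVE_ARR = array();

parse_str($display_tabs_def, $DISPLAY_ARR);
parse_str($hide_tabs_def, $HIDE_ARR);
parse_str($remove_tabs_def, $REMOVE_ARR);


// Authorisation. Only a global admin or a Users-module admin may save an
// arbitrary record; anybody else may save nothing but their own record.
// The 'id' field is never accepted from the form.
if (isset($_POST['id'])) {
    sugar_die("Unauthorized access to administration.");
}
if (isset($_POST['record']) && !is_admin($current_user)
    && !$GLOBALS['current_user']->isAdminForModule('Users')
    && $_POST['record'] !== $current_user->id) { // strict: ids are strings, loose == would accept numeric look-alikes
    sugar_die("Unauthorized access to administration.");
} elseif (!isset($_POST['record']) && !is_admin($current_user)
    && !$GLOBALS['current_user']->isAdminForModule('Users')) {
    sugar_die("Unauthorized access to user administration.");
}
$focus = new User();
// No 'record' means an admin is creating a new user; retrieve() then finds nothing.
$focus->retrieve(isset($_POST['record']) ? $_POST['record'] : null);

//update any ETag seeds that are tied to the user object changing
$focus->incrementETag("mainMenuETag");

// Flag to determine whether to save a new password or not.
// Bug 43241 - Changed $focus->id to $focus->user_name to make sure that a system generated password is made when converting employee to user
if (empty($focus->user_name)) {
    $newUser = true;
    clear_register_value('user_array', $focus->object_name);
} else {
    $newUser = false;
}


// Second line of defence after retrieve(): a non-admin whose form does not map
// onto their own bean is logged out.
if (!$current_user->is_admin && !$GLOBALS['current_user']->isAdminForModule('Users')
    && $current_user->id !== $focus->id) {
    $GLOBALS['log']->fatal("SECURITY:Non-Admin ". $current_user->id . " attempted to change settings for user:". $focus->id);
    header("Location: index.php?module=Users&action=Logout");
    exit;
}
// A non-admin may not grant admin rights. The regular-user branch below maps
// both the 'is_admin' checkbox and a 'UserType' of "Administrator" onto
// $focus->is_admin, so both inputs have to be rejected here.
if (!$current_user->is_admin && !$GLOBALS['current_user']->isAdminForModule('Users')
    && (!empty($_POST['is_admin'])
        || (isset($_POST['UserType']) && $_POST['UserType'] == "Administrator"))) {
    $GLOBALS['log']->fatal("SECURITY:Non-Admin ". $current_user->id . " attempted to change is_admin settings for user:". $focus->id);
    header("Location: index.php?module=Users&action=Logout");
    exit;
}


// Populate the custom fields
$sfh = new SugarFieldHandler();
foreach ($focus->field_defs as $fieldName => $field) {
    if (isset($field['source']) && $field['source'] == 'custom_fields') {
        $type = !empty($field['custom_type']) ? $field['custom_type'] : $field['type'];
        $sf = $sfh->getSugarField($type);
        if ($sf != null) {
            $sf->save($focus, $_POST, $fieldName, $field, '');
        } else {
            $GLOBALS['log']->fatal("Field '$fieldName' does not have a SugarField handler");
        }
    }
}


// Portal-only and group users only take a restricted set of fields from the form.
$portal = array("user_name", "last_name", "status", "portal_only");
$group = array("user_name", "last_name", "status", "is_group");
if (isset($_POST['portal_only']) && ($_POST['portal_only'] == '1' || $focus->portal_only)) {
    foreach ($portal as $field) {
        if (isset($_POST[$field])) {
            $focus->$field = $_POST[$field];
        }
    }
}

if (isset($_POST['is_group']) && ($_POST['is_group'] == '1' || $focus->is_group)) {
    foreach ($group as $field) {
        if (isset($_POST[$field])) {
            $focus->$field = $_POST[$field];
        }
    }
}


// copy the group or portal user name over.  We renamed the field in order to ensure auto-complete would not change the value
if (isset($_POST['user_name'])) {
    $focus->user_name = $_POST['user_name'];
}

// if the user saved is a Regular User
if (!$focus->is_group && !$focus->portal_only) {

    // Regular and additional columns go through the same SugarField handlers,
    // in that order.
    foreach (array_merge($focus->column_fields, $focus->additional_column_fields) as $fieldName) {
        $field = $focus->field_defs[$fieldName];
        $type = !empty($field['custom_type']) ? $field['custom_type'] : $field['type'];
        $sf = $sfh->getSugarField($type);
        if ($sf != null) {
            $sf->save($focus, $_POST, $fieldName, $field, '');
        } else {
            $GLOBALS['log']->fatal("Field '$fieldName' does not have a SugarField handler");
        }
    }

    $focus->is_group = 0;
    $focus->portal_only = 0;

    if (isset($_POST['status']) && $_POST['status'] == "Inactive") $focus->employee_status = "Terminated"; //bug49972

    if (isset($_POST['user_name'])) {
        $focus->user_name = $_POST['user_name'];
    }
    // Admin rights come either from the checkbox or from the UserType select;
    // non-admins were already rejected above for both.
    if ((isset($_POST['is_admin']) && ($_POST['is_admin'] == 'on' || $_POST['is_admin'] == '1')) ||
        (isset($_POST['UserType']) && $_POST['UserType'] == "Administrator")) {
        $focus->is_admin = 1;
    } elseif (isset($_POST['is_admin']) && empty($_POST['is_admin'])) {
        $focus->is_admin = 0;
    }
    if (empty($_POST['receive_notifications'])) $focus->receive_notifications = 0;

    if (isset($_POST['mailmerge_on']) && !empty($_POST['mailmerge_on'])) {
        $focus->setPreference('mailmerge_on', 'on', 0, 'global');
    } else {
        $focus->setPreference('mailmerge_on', 'off', 0, 'global');
    }

    if (isset($_POST['user_swap_last_viewed'])) {
        $focus->setPreference('swap_last_viewed', $_POST['user_swap_last_viewed'], 0, 'global');
    } else {
        $focus->setPreference('swap_last_viewed', '', 0, 'global');
    }

    if (isset($_POST['user_swap_shortcuts'])) {
        $focus->setPreference('swap_shortcuts', $_POST['user_swap_shortcuts'], 0, 'global');
    } else {
        $focus->setPreference('swap_shortcuts', '', 0, 'global');
    }

    if (isset($_POST['use_group_tabs'])) {
        $focus->setPreference('navigation_paradigm', $_POST['use_group_tabs'], 0, 'global');
    } else {
        $focus->setPreference('navigation_paradigm', 'gm', 0, 'global');
    }

    if (isset($_POST['user_subpanel_tabs'])) {
        $focus->setPreference('subpanel_tabs', $_POST['user_subpanel_tabs'], 0, 'global');
    } else {
        $focus->setPreference('subpanel_tabs', '', 0, 'global');
    }

    if (isset($_POST['user_theme'])) {
        $focus->setPreference('user_theme', $_POST['user_theme'], 0, 'global');
        // The session theme belongs to the user who is logged in, so only switch
        // it when they are editing their own record, not when an admin edits
        // somebody else's.
        if ($focus->id === $current_user->id) {
            $_SESSION['authenticated_user_theme'] = $_POST['user_theme'];
        }
    }

    if (isset($_POST['user_module_favicon'])) {
        $focus->setPreference('module_favicon', $_POST['user_module_favicon'], 0, 'global');
    } else {
        $focus->setPreference('module_favicon', '', 0, 'global');
    }

    $tabs = new TabController();
    if (isset($_POST['display_tabs'])) {
        $tabs->set_user_tabs($DISPLAY_ARR['display_tabs'], $focus, 'display');
    }
    if (isset($HIDE_ARR['hide_tabs'])) {
        $tabs->set_user_tabs($HIDE_ARR['hide_tabs'], $focus, 'hide');
    } else {
        $tabs->set_user_tabs(array(), $focus, 'hide');
    }
    // Removing tabs is reserved for global admins.
    if (is_admin($current_user)) {
        if (isset($REMOVE_ARR['remove_tabs'])) {
            $tabs->set_user_tabs($REMOVE_ARR['remove_tabs'], $focus, 'remove');
        } else {
            $tabs->set_user_tabs(array(), $focus, 'remove');
        }
    }

    if (isset($_POST['no_opps'])) {
        $focus->setPreference('no_opps', $_POST['no_opps'], 0, 'global');
    } else {
        $focus->setPreference('no_opps', 'off', 0, 'global');
    }

    if (isset($_POST['reminder_checked']) && $_POST['reminder_checked'] == '1') {
        $focus->setPreference('reminder_time', $_POST['reminder_time'], 0, 'global');
    } else {
        // cn: bug 5522, need to unset reminder time if unchecked.
        $focus->setPreference('reminder_time', -1, 0, 'global');
    }

    if (isset($_POST['email_reminder_checked']) && $_POST['email_reminder_checked'] == '1') {
        $focus->setPreference('email_reminder_time', $_POST['email_reminder_time'], 0, 'global');
    } else {
        $focus->setPreference('email_reminder_time', -1, 0, 'global');
    }
    if (isset($_POST['timezone'])) $focus->setPreference('timezone', $_POST['timezone'], 0, 'global');
    if (isset($_POST['ut'])) $focus->setPreference('ut', '0', 0, 'global');
    else $focus->setPreference('ut', '1', 0, 'global');
    if (isset($_POST['currency'])) $focus->setPreference('currency', $_POST['currency'], 0, 'global');
    if (isset($_POST['default_currency_significant_digits'])) $focus->setPreference('default_currency_significant_digits', $_POST['default_currency_significant_digits'], 0, 'global');
    if (isset($_POST['num_grp_sep'])) $focus->setPreference('num_grp_sep', $_POST['num_grp_sep'], 0, 'global');
    if (isset($_POST['dec_sep'])) $focus->setPreference('dec_sep', $_POST['dec_sep'], 0, 'global');
    if (isset($_POST['fdow'])) $focus->setPreference('fdow', $_POST['fdow'], 0, 'global');
    if (isset($_POST['dateformat'])) $focus->setPreference('datef', $_POST['dateformat'], 0, 'global');
    if (isset($_POST['timeformat'])) $focus->setPreference('timef', $_POST['timeformat'], 0, 'global');
    if (isset($_POST['mail_fromname'])) $focus->setPreference('mail_fromname', $_POST['mail_fromname'], 0, 'global');
    if (isset($_POST['mail_fromaddress'])) $focus->setPreference('mail_fromaddress', $_POST['mail_fromaddress'], 0, 'global');
    if (isset($_POST['mail_sendtype'])) $focus->setPreference('mail_sendtype', $_POST['mail_sendtype'], 0, 'global');
    if (isset($_POST['mail_smtpserver'])) $focus->setPreference('mail_smtpserver', $_POST['mail_smtpserver'], 0, 'global');
    if (isset($_POST['mail_smtpport'])) $focus->setPreference('mail_smtpport', $_POST['mail_smtpport'], 0, 'global');
    if (isset($_POST['mail_smtpuser'])) $focus->setPreference('mail_smtpuser', $_POST['mail_smtpuser'], 0, 'global');
    if (isset($_POST['mail_smtppass'])) $focus->setPreference('mail_smtppass', $_POST['mail_smtppass'], 0, 'global');
    if (isset($_POST['default_locale_name_format'])) $focus->setPreference('default_locale_name_format', $_POST['default_locale_name_format'], 0, 'global');
    if (isset($_POST['export_delimiter'])) $focus->setPreference('export_delimiter', $_POST['export_delimiter'], 0, 'global');
    if (isset($_POST['default_export_charset'])) $focus->setPreference('default_export_charset', $_POST['default_export_charset'], 0, 'global');
    if (isset($_POST['use_real_names'])) {
        $focus->setPreference('use_real_names', 'on', 0, 'global');
    } elseif (!isset($_POST['use_real_names']) && !isset($_POST['from_dcmenu'])) {
        // Make sure we're on the full form and not the QuickCreate.
        $focus->setPreference('use_real_names', 'off', 0, 'global');
    }

    if (isset($_POST['mail_smtpauth_req'])) {
        $focus->setPreference('mail_smtpauth_req', $_POST['mail_smtpauth_req'], 0, 'global');
    } else {
        $focus->setPreference('mail_smtpauth_req', '', 0, 'global');
    }

    // SSL-enabled SMTP connection
    if (isset($_POST['mail_smtpssl'])) {
        $focus->setPreference('mail_smtpssl', 1, 0, 'global');
    } else {
        $focus->setPreference('mail_smtpssl', 0, 0, 'global');
    }
    ///////////////////////////////////////////////////////////////////////////
    ////    PDF SETTINGS
    // Every posted key containing "sugarpdf_pdf" is stored as-is as a preference.
    foreach ($_POST as $k => $v) {
        if (strpos($k, "sugarpdf_pdf") !== false) {
            $focus->setPreference($k, $v, 0, 'global');
        }
    }
    ////    PDF SETTINGS
    ///////////////////////////////////////////////////////////////////////////

    ///////////////////////////////////////////////////////////////////////////
    ////    SIGNATURES
    if (isset($_POST['signature_id'])) {
        $focus->setPreference('signature_default', $_POST['signature_id'], 0, 'global');
    }

    if (isset($_POST['signature_prepend'])) $focus->setPreference('signature_prepend', $_POST['signature_prepend'], 0, 'global');
    ////    END SIGNATURES
    ///////////////////////////////////////////////////////////////////////////


    // Read the value from the same array the isset() tested, so a GET/cookie
    // value of the same name cannot stand in for the posted one.
    if (isset($_POST['email_link_type'])) $focus->setPreference('email_link_type', $_POST['email_link_type']);
    if (isset($_REQUEST['email_show_counts'])) {
        $focus->setPreference('email_show_counts', $_REQUEST['email_show_counts'], 0, 'global');
    } else {
        $focus->setPreference('email_show_counts', 0, 0, 'global');
    }
    if (isset($_REQUEST['email_editor_option'])) {
        $focus->setPreference('email_editor_option', $_REQUEST['email_editor_option'], 0, 'global');
    }
    if (isset($_REQUEST['default_email_charset'])) {
        $focus->setPreference('default_email_charset', $_REQUEST['default_email_charset'], 0, 'global');
    }

    if (isset($_POST['calendar_publish_key'])) $focus->setPreference('calendar_publish_key', $_POST['calendar_publish_key'], 0, 'global');
}

if (!$focus->verify_data()) {
    header("Location: index.php?action=Error&module=Users&error_string=".urlencode($focus->error_string));
    exit;
} else {
    // Team access checks are bypassed for the save itself; restored right after.
    $GLOBALS['sugar_config']['disable_team_access_check'] = true;
    $focus->save();
    $GLOBALS['sugar_config']['disable_team_access_check'] = false;
    $return_id = $focus->id;
    $ieVerified = true;

    // $new_pwd drives the pwd_set flag of the final redirect:
    // '' none, '1' changed, '2' system generated, '3' set for a new user.
    global $new_pwd;
    $new_pwd = '';
    if ((isset($_POST['old_password']) || $focus->portal_only) &&
        (isset($_POST['new_password']) && !empty($_POST['new_password'])) &&
        (isset($_POST['password_change']) && $_POST['password_change'] == 'true')) {
        if (!$focus->change_password($_POST['old_password'], $_POST['new_password'])) {
            // The record id is user-supplied; encode it so it cannot smuggle
            // extra query parameters into the redirect.
            if ((isset($_POST['page']) && $_POST['page'] == 'EditView')) {
                header("Location: index.php?action=EditView&module=Users&record=".urlencode($_POST['record'])."&error_password=".urlencode($focus->error_string));
                exit;
            }
            if ((isset($_POST['page']) && $_POST['page'] == 'Change')) {
                header("Location: index.php?action=ChangePassword&module=Users&record=".urlencode($_POST['record'])."&error_password=".urlencode($focus->error_string));
                exit;
            }
        } else {
            if ($newUser) {
                $new_pwd = '3';
            } else {
                $new_pwd = '1';
            }
        }
    }

    ///////////////////////////////////////////////////////////////////////////
    ////    OUTBOUND EMAIL SAVES
    ///////////////////////////////////////////////////////////////////////////

    $sysOutboundAccunt = new OutboundEmail();

    //If a user is not alloweed to use the default system outbound account then they will be
    //saving their own username/password for the system account
    if (!$sysOutboundAccunt->isAllowUserAccessToSystemDefaultOutbound()) {
        $userOverrideOE = $sysOutboundAccunt->getUsersMailerForSystemOverride($focus->id);
        if ($userOverrideOE != null) {
            //User is alloweed to clear username and pass so no need to check for blanks.
            $userOverrideOE->mail_smtpuser = $_REQUEST['mail_smtpuser'];
            $userOverrideOE->mail_smtppass = $_REQUEST['mail_smtppass'];
            $userOverrideOE->save();
        } else {
            //If a user name and password for the mail account is set, create the users override account.
            if (!(empty($_REQUEST['mail_smtpuser']) || empty($_REQUEST['mail_smtppass']))) {
                $sysOutboundAccunt->createUserSystemOverrideAccount($focus->id, $_REQUEST['mail_smtpuser'], $_REQUEST['mail_smtppass']);
            }
        }
    }


    ///////////////////////////////////////////////////////////////////////////
    ////    INBOUND EMAIL SAVES
    if (isset($_REQUEST['server_url']) && !empty($_REQUEST['server_url'])) {

        $ie = new InboundEmail();
        if (false === $ie->savePersonalEmailAccount($return_id, $focus->user_name)) {
            header("Location: index.php?action=Error&module=Users&error_string=&ie_error=true&id=".$return_id);
            die(); // die here, else the header redirect below takes over.
        }
    } elseif (isset($_REQUEST['ie_id']) && !empty($_REQUEST['ie_id']) && empty($_REQUEST['server_url'])) {
        // user is deleting their I-E

        $ie = new InboundEmail();
        $ie->deletePersonalEmailAccount($_REQUEST['ie_id'], $focus->user_name);
    }
    ////    END INBOUND EMAIL SAVES
    ///////////////////////////////////////////////////////////////////////////
    if (($newUser) && !($focus->is_group) && !($focus->portal_only) && isset($sugar_config['passwordsetting']['SystemGeneratedPasswordON']) && $sugar_config['passwordsetting']['SystemGeneratedPasswordON']) {
        $new_pwd = '2';
        require_once('modules/Users/GeneratePassword.php');
    }

}


//handle navigation from user wizard
if (isset($_REQUEST['whatnext'])) {
    if ($_REQUEST['whatnext'] == 'import') {
        header("Location:index.php?module=Import&action=step1&import_module=Administration");
        return;
    } elseif ($_REQUEST['whatnext'] == 'users') {
        header("Location:index.php?module=Users&action=index");
        return;
    } elseif ($_REQUEST['whatnext'] == 'settings') {
        header("Location:index.php?module=Configurator&action=EditView");
        return;
    } elseif ($_REQUEST['whatnext'] == 'studio') {
        header("Location:index.php?module=ModuleBuilder&action=index&type=studio");
        return;
    } else {
        //do nothing, let the navigation continue as normal using code below
    }

}

if (isset($_REQUEST['return_module']) && $_REQUEST['return_module'] != "") $return_module = $_REQUEST['return_module'];
else $return_module = "Users";
if (isset($_REQUEST['return_action']) && $_REQUEST['return_action'] != "") $return_action = $_REQUEST['return_action'];
else $return_action = "DetailView";
if (isset($_REQUEST['return_id']) && $_REQUEST['return_id'] != "") $return_id = $_REQUEST['return_id'];

$GLOBALS['log']->debug("Saved record with id of ".$return_id);

// Every request-supplied part of the redirect is url-encoded so that it stays a
// single query parameter of this index.php URL.
$redirect = "index.php?action=".urlencode($return_action)."&module=".urlencode($return_module)."&record=".urlencode($return_id);
$redirect .= isset($_REQUEST['type']) ? "&type=".urlencode($_REQUEST['type']) : ''; // cn: bug 6897 - detect redirect to Email compose
$redirect .= isset($_REQUEST['return_id']) ? "&return_id=".urlencode($_REQUEST['return_id']) : '';
$redirect .= ($new_pwd != '') ? "&pwd_set=".$new_pwd : '';
header("Location: {$redirect}");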