<?php
/*************************************************************************
staff.inc.php
File included on every staff page...handles logins (security) and file path issues.
Peter Rotich <peter@osticket.com>
Copyright (c) 2006-2012 osTicket
http://www.osticket.com
Released under the GNU General Public License WITHOUT ANY WARRANTY.
See LICENSE.TXT for details.
vim: expandtab sw=4 ts=4 sts=4:
**********************************************************************/
// Bootstrap for staff pages: blocks direct requests for this file, loads the main
// configuration, then defines the staff-only paths, marker constants and class includes.
// Refuse to run when this include file is itself the requested script; it is meant to be
// pulled in by other pages, not served on its own.
if(basename($_SERVER['SCRIPT_NAME'])==basename(__FILE__)) die('Kwaheri rafiki!'); //Say hi to our friend..
// The '../' paths below are resolved by PHP against the current working directory,
// not against this file's own directory.
// NOTE(review): assumes every including script runs from a directory one level below the install root - confirm.
if(!file_exists('../main.inc.php')) die('Fatal error... get technical support');
define('ROOT_PATH','../'); //Path to the root dir.
require_once('../main.inc.php');
// INCLUDE_DIR is not defined in this file; stop here if the main include did not provide it.
if(!defined('INCLUDE_DIR')) die('Fatal error... invalid setting.');
/* Some more include defines specific to staff only */
define('STAFFINC_DIR',INCLUDE_DIR.'staff/');
// Absolute directory of this file with a trailing slash; any doubled slash is collapsed.
define('SCP_DIR',str_replace('//','/',dirname(__FILE__).'/'));
/* Define tag that included files can check */
// These markers are set before the login checks further down in this file, so they only
// show that a file was reached through this bootstrap, not that the visitor is
// authenticated (login.php, for example, is loaded with them already defined).
define('OSTSCPINC',TRUE);
define('OSTSTAFFINC',TRUE);
/* Tables used by staff only */
define('KB_PREMADE_TABLE',TABLE_PREFIX.'kb_premade');
/* Include what is needed on the staff control panel */
require_once(INCLUDE_DIR.'class.staff.php');
require_once(INCLUDE_DIR.'class.group.php');
require_once(INCLUDE_DIR.'class.nav.php');
/* First order of the day is see if the user is logged in and with a valid session.
* User must be valid staff beyond this point
* ONLY super admins can access the helpdesk on offline state.
*/
if(!function_exists('staffLoginPage')) { //Ajax interface can pre-declare the function to trap expired sessions.
// Show the staff login page and stop the request.
//
// Records the current page (THISPAGE) and the given message in the staff session,
// loads login.php from SCP_DIR, then exits so the calling page never continues.
//
// $msg: text stored in the session for the login page; every call in this file passes a fixed literal.
//
// NOTE(review): THISPAGE is defined outside this file. If login.php sends the user to
// the stored 'dest' after a successful login, confirm the value is always a same-site path.
// NOTE(review): login.php presumably prints the stored message - confirm it is escaped there,
// since a pre-declared replacement or another caller could pass non-literal text.
function staffLoginPage($msg) {
$_SESSION['_staff']['auth']['dest']=THISPAGE;
$_SESSION['_staff']['auth']['msg']=$msg;
require(SCP_DIR.'login.php');
exit;
}
}
// Authentication gate: everything after this block runs only for a staff session that passed these checks.
// The staff id comes from the session. When the key is absent the expression is null and
// PHP reports an undefined index; how StaffSession treats null is not visible here.
$thisstaff = new StaffSession($_SESSION['_staff']['userID']); //Set staff object.
//1) is the user Logged in for real && is staff.
if(!$thisstaff || !is_object($thisstaff) || !$thisstaff->getId() || !$thisstaff->isValid()){
// 'Session timed out...' is chosen only when isValid() is true but getId() is empty;
// every other failure reports 'Authentication Required'.
// NOTE(review): whether that combination really means an expired session depends on StaffSession - confirm.
$msg=(!$thisstaff || !$thisstaff->isValid())?'Authentication Required':'Session timed out due to inactivity';
staffLoginPage($msg);
// staffLoginPage() as defined in this file already exits; this exit keeps the gate
// closed if a pre-declared replacement returns instead.
exit;
}
//2) if not super admin..check system status and group status
// NOTE(review): the offline and disabled-account checks sit inside this non-admin branch, so an
// account for which isadmin() is true is not tested with isactive() here. Confirm that
// isValid() or the login path rejects a disabled admin account.
if(!$thisstaff->isadmin()){
//Staff are not allowed to login in offline mode!!
// $cfg is not assigned in this file; presumably main.inc.php creates it - confirm.
if($cfg->isHelpDeskOffline()){
staffLoginPage('System Offline');
exit;
}
//Check for disabled staff or group!
if(!$thisstaff->isactive() || !$thisstaff->isGroupActive()) {
staffLoginPage('Access Denied. Contact Admin');
exit;
}
}
// Per-request setup for a staff member who passed the checks above: session upkeep,
// display preferences, empty page variables, system notice and navigation.
//Keep the session activity alive
$thisstaff->refreshSession();
//Set staff's timezone offset.
$_SESSION['TZ_OFFSET']=$thisstaff->getTZoffset();
$_SESSION['daylight']=$thisstaff->observeDaylight();
// The staff refresh rate is multiplied by 60 (presumably minutes to seconds - confirm).
define('AUTO_REFRESH_RATE',$thisstaff->getRefreshRate()*60);
// Fall back to DEFAULT_PAGE_LIMIT when the staff page limit is empty or zero.
define('PAGE_LIMIT',$thisstaff->getPageLimit()?$thisstaff->getPageLimit():DEFAULT_PAGE_LIMIT);
//Clear some vars. we use in all pages.
// Each variable is assigned an empty value here, replacing whatever it held before this file was included.
$errors=array();
$msg=$warn=$sysnotice='';
$tabs=array();
$submenu=array();
// strcasecmp() returns non-zero when the two version strings differ (case-insensitive).
// $sysnotice carries raw HTML in the offline branch below, so pages presumably print it
// unescaped; the version strings are placed in the same variable without escaping.
// NOTE(review): confirm THIS_VERSION and $cfg->getVersion() cannot hold markup.
if(defined('THIS_VERSION') && strcasecmp($cfg->getVersion(),THIS_VERSION)) {
$errors['err']=$sysnotice=sprintf('The script is version %s while the database is version %s',THIS_VERSION,$cfg->getVersion());
}elseif($cfg->isHelpDeskOffline()){
// Only staff for whom isadmin() is true get this far while the help desk is offline.
$sysnotice='<strong>System is set to offline mode</strong> - Client interface is disabled and ONLY admins can access staff control panel.';
$sysnotice.=' <a href="settings.php">Enable</a>.';
}
$nav = new StaffNav($thisstaff);
//Check for forced password change.
// When a password change is required, profile.php is loaded in place of the requested
// page and the script exits, so the including page never runs.
if($thisstaff->forcePasswdChange()){
# XXX: Call staffLoginPage() for AJAX and API requests _not_ to honor
# the request
// 'profile.php' has no directory part, so PHP resolves it through include_path and the
// current directory, unlike login.php, which is loaded through SCP_DIR.
// NOTE(review): confirm this always picks the staff panel's profile.php.
require('profile.php'); //profile.php must request this file as require_once to avoid problems.
exit;
}
?>