[ Index ] |
PHP Cross Reference of Eventum |
[Summary view] [Print] [Text view]
1 <?php 2 /* vim: set expandtab tabstop=4 shiftwidth=4 encoding=utf-8: */ 3 // +----------------------------------------------------------------------+ 4 // | Eventum - Issue Tracking System | 5 // +----------------------------------------------------------------------+ 6 // | Copyright (c) 2003, 2004, 2005, 2006, 2007 MySQL AB | 7 // | | 8 // | This program is free software; you can redistribute it and/or modify | 9 // | it under the terms of the GNU General Public License as published by | 10 // | the Free Software Foundation; either version 2 of the License, or | 11 // | (at your option) any later version. | 12 // | | 13 // | This program is distributed in the hope that it will be useful, | 14 // | but WITHOUT ANY WARRANTY; without even the implied warranty of | 15 // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | 16 // | GNU General Public License for more details. | 17 // | | 18 // | You should have received a copy of the GNU General Public License | 19 // | along with this program; if not, write to: | 20 // | | 21 // | Free Software Foundation, Inc. | 22 // | 59 Temple Place - Suite 330 | 23 // | Boston, MA 02111-1307, USA. | 24 // +----------------------------------------------------------------------+ 25 // | Authors: João Prado Maia <jpm@mysql.com> | 26 // +----------------------------------------------------------------------+ 27 // 28 // @(#) $Id: class.user.php 3308 2007-04-17 01:32:48Z balsdorf $ 29 // 30 31 require_once (APP_INC_PATH . "class.error_handler.php"); 32 require_once (APP_INC_PATH . "class.auth.php"); 33 require_once (APP_INC_PATH . "class.mail.php"); 34 require_once (APP_INC_PATH . "class.misc.php"); 35 require_once (APP_INC_PATH . "class.prefs.php"); 36 require_once (APP_INC_PATH . "class.notification.php"); 37 require_once (APP_INC_PATH . "class.validation.php"); 38 require_once (APP_INC_PATH . "class.date.php"); 39 require_once (APP_INC_PATH . "class.project.php"); 40 require_once (APP_INC_PATH . "class.setup.php"); 41 require_once(APP_CONFIG_PATH . "private_key.php"); 42 43 // definition of roles 44 $roles = array( 45 1 => "Viewer", 46 2 => "Reporter", 47 3 => "Customer", 48 4 => "Standard User", 49 5 => "Developer", 50 6 => "Manager", 51 7 => "Administrator" 52 ); 53 54 /** 55 * Class to handle the business logic related to the administration 56 * of users and permissions in the system. 57 * 58 * @version 1.0 59 * @author João Prado Maia <jpm@mysql.com> 60 */ 61 62 class User 63 { 64 /** 65 * Method used to get the user ID associated with the given customer 66 * contact ID. 67 * 68 * @access public 69 * @param integer $customer_contact_id The customer contact ID 70 * @return integer The user ID 71 */ 72 function getUserIDByContactID($customer_contact_id) 73 { 74 $stmt = "SELECT 75 usr_id 76 FROM 77 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "user 78 WHERE 79 usr_customer_contact_id=" . Misc::escapeInteger($customer_contact_id); 80 $res = $GLOBALS["db_api"]->dbh->getOne($stmt); 81 if (PEAR::isError($res)) { 82 Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__); 83 return ''; 84 } else { 85 return $res; 86 } 87 } 88 89 90 /** 91 * Method used to get the account email address associated with the given 92 * customer contact ID. 93 * 94 * @access public 95 * @param integer $customer_contact_id The customer contact ID 96 * @return string The user's email address 97 */ 98 function getEmailByContactID($customer_contact_id) 99 { 100 $stmt = "SELECT 101 usr_email 102 FROM 103 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "user 104 WHERE 105 usr_customer_contact_id=" . Misc::escapeInteger($customer_contact_id); 106 $res = $GLOBALS["db_api"]->dbh->getOne($stmt); 107 if (PEAR::isError($res)) { 108 Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__); 109 return ''; 110 } else { 111 return $res; 112 } 113 } 114 115 116 /** 117 * Method used to get the SMS email address associated with the given 118 * user ID. 119 * 120 * @access public 121 * @param integer $usr_id The user ID 122 * @return string The user's SMS email address 123 */ 124 function getSMS($usr_id) 125 { 126 $stmt = "SELECT 127 usr_sms_email 128 FROM 129 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "user 130 WHERE 131 usr_id=" . Misc::escapeInteger($usr_id); 132 $res = $GLOBALS["db_api"]->dbh->getOne($stmt); 133 if (PEAR::isError($res)) { 134 Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__); 135 return ''; 136 } else { 137 return $res; 138 } 139 } 140 141 142 /** 143 * Method used to update the SMS email address associated with the given 144 * user ID. 145 * 146 * @access public 147 * @param integer $usr_id The user ID 148 * @param string $sms_email The user's SMS email address 149 * @return boolean Whether the update was successfull or not 150 */ 151 function updateSMS($usr_id, $sms_email) 152 { 153 $stmt = "UPDATE 154 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "user 155 SET 156 usr_sms_email='" . Misc::escapeString($sms_email) . "' 157 WHERE 158 usr_id=" . Misc::escapeInteger($usr_id); 159 $res = $GLOBALS["db_api"]->dbh->query($stmt); 160 if (PEAR::isError($res)) { 161 Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__); 162 return false; 163 } else { 164 return true; 165 } 166 } 167 168 169 /** 170 * Method used to get the customer contact ID associated with 171 * the given user ID. 172 * 173 * @access public 174 * @param integer $usr_id The user ID 175 * @return integer The customer contact ID 176 */ 177 function getCustomerContactID($usr_id) 178 { 179 $stmt = "SELECT 180 usr_customer_contact_id 181 FROM 182 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "user 183 WHERE 184 usr_id=" . Misc::escapeInteger($usr_id); 185 $res = $GLOBALS["db_api"]->dbh->getOne($stmt); 186 if (PEAR::isError($res)) { 187 Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__); 188 return -1; 189 } else { 190 return $res; 191 } 192 } 193 194 195 /** 196 * Method used to get the customer ID associated with 197 * the given user ID. 198 * 199 * @access public 200 * @param integer $usr_id The user ID 201 * @return integer The customer ID 202 */ 203 function getCustomerID($usr_id) 204 { 205 static $returns; 206 207 if (!empty($returns[$usr_id])) { 208 return $returns[$usr_id]; 209 } 210 211 $stmt = "SELECT 212 usr_customer_id 213 FROM 214 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "user 215 WHERE 216 usr_id=" . Misc::escapeInteger($usr_id); 217 $res = $GLOBALS["db_api"]->dbh->getOne($stmt); 218 if (PEAR::isError($res)) { 219 Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__); 220 return -1; 221 } else { 222 $returns[$usr_id] = $res; 223 return $res; 224 } 225 } 226 227 228 /** 229 * Method used to update the user account and set the user as a confirmed one. 230 * 231 * @access public 232 * @param string $email The email address 233 * @return boolean 234 */ 235 function confirmVisitorAccount($email) 236 { 237 $stmt = "UPDATE 238 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "user 239 SET 240 usr_status='active' 241 WHERE 242 usr_email='" . Misc::escapeString($email) . "'"; 243 $res = $GLOBALS["db_api"]->dbh->query($stmt); 244 if (PEAR::isError($res)) { 245 Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__); 246 return false; 247 } else { 248 return true; 249 } 250 } 251 252 253 /** 254 * Method used to check whether the hash passed in the confirmation URL is 255 * a valid one when comparing against the provided email address. 256 * 257 * @access public 258 * @param string $email The email address associated with the user account 259 * @param string $hash The md5 hash string to be checked against 260 * @return integer -1 if there was an error in the query, -2 for users that don't exist, 261 * -3 if it cannot be authenticated and 1 if it did work 262 */ 263 function checkHash($email, $hash) 264 { 265 $stmt = "SELECT 266 usr_full_name 267 FROM 268 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "user 269 WHERE 270 usr_email='" . Misc::escapeString($email) . "'"; 271 $res = $GLOBALS["db_api"]->dbh->getOne($stmt); 272 if (PEAR::isError($res)) { 273 Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__); 274 return -1; 275 } else { 276 if ($res == NULL) { 277 return -2; 278 } else { 279 $check_hash = md5($res . md5($email) . $GLOBALS["private_key"]); 280 if ($hash != $check_hash) { 281 return -3; 282 } else { 283 return 1; 284 } 285 } 286 } 287 } 288 289 290 /** 291 * Method used to create a new user account with pending status and send a 292 * confirmation email to the prospective user. 293 * 294 * @access public 295 * @param string $role The user role 296 * @param array $projects The list of projects that this user will be associated with 297 * @return integer 1 if the creation worked, -1 otherwise 298 */ 299 function createVisitorAccount($role, $projects) 300 { 301 // check for double submits 302 if (Auth::userExists($_POST["email"])) { 303 return -2; 304 } 305 $prefs = Prefs::getDefaults($projects); 306 $stmt = "INSERT INTO 307 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "user 308 ( 309 usr_created_date, 310 usr_password, 311 usr_full_name, 312 usr_email, 313 usr_preferences, 314 usr_status 315 ) VALUES ( 316 '" . Date_API::getCurrentDateGMT() . "', 317 '" . Auth::hashPassword(Misc::escapeString($_POST["passwd"])) . "', 318 '" . Misc::escapeString($_POST["full_name"]) . "', 319 '" . Misc::escapeString($_POST["email"]) . "', 320 '" . Misc::escapeString($prefs) . "', 321 'pending' 322 )"; 323 $res = $GLOBALS["db_api"]->dbh->query($stmt); 324 if (PEAR::isError($res)) { 325 Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__); 326 return -1; 327 } else { 328 $new_usr_id = $GLOBALS["db_api"]->get_last_insert_id(); 329 // add the project associations! 330 for ($i = 0; $i < count($projects); $i++) { 331 Project::associateUser($projects[$i], $new_usr_id, $role); 332 } 333 // send confirmation email to user 334 $hash = md5($_POST["full_name"] . md5($_POST["email"]) . $GLOBALS["private_key"]); 335 336 $tpl = new Template_API; 337 $tpl->setTemplate('notifications/visitor_account.tpl.text'); 338 $tpl->bulkAssign(array( 339 "app_title" => Misc::getToolCaption(), 340 "email" => $_POST['email'], 341 'hash' => $hash 342 )); 343 $text_message = $tpl->getTemplateContents(); 344 345 $setup = Setup::load(); 346 $mail = new Mail_API; 347 // need to make this message MIME based 348 $mail->setTextBody($text_message); 349 $mail->send($setup["smtp"]["from"], $_POST["email"], APP_SHORT_NAME . ": New Account - Confirmation Required"); 350 return 1; 351 } 352 } 353 354 355 /** 356 * Method used to send a confirmation email to the user that is associated 357 * to the email address. 358 * 359 * @access public 360 * @param string $usr_id The user ID 361 * @return void 362 */ 363 function sendPasswordConfirmationEmail($usr_id) 364 { 365 $info = User::getDetails($usr_id); 366 // send confirmation email to user 367 $hash = md5($info["usr_full_name"] . md5($info["usr_email"]) . $GLOBALS["private_key"]); 368 369 $tpl = new Template_API; 370 $tpl->setTemplate('notifications/password_confirmation.tpl.text'); 371 $tpl->bulkAssign(array( 372 "app_title" => Misc::getToolCaption(), 373 "user" => $info, 374 'hash' => $hash 375 )); 376 $text_message = $tpl->getTemplateContents(); 377 378 $setup = Setup::load(); 379 $mail = new Mail_API; 380 // need to make this message MIME based 381 $mail->setTextBody($text_message); 382 $mail->send($setup["smtp"]["from"], $info["usr_email"], APP_SHORT_NAME . ": New Password - Confirmation Required"); 383 } 384 385 386 /** 387 * Method used to confirm the request of a new password and send an email 388 * to the user with the new random password. 389 * 390 * @access public 391 * @param string $email The email address 392 * @return void 393 */ 394 function confirmNewPassword($email) 395 { 396 $usr_id = User::getUserIDByEmail($email); 397 // create the new password 398 $_POST["new_password"] = substr(md5(microtime() . uniqid("")), 0, 12); 399 $_POST["confirm_password"] = $_POST["new_password"]; 400 User::updatePassword($usr_id, true); 401 } 402 403 404 /** 405 * Method used to lookup the user ID of a given email address. 406 * 407 * @access public 408 * @param string $email The email address associated with the user account 409 * @return integer The user ID 410 */ 411 function getUserIDByEmail($email) 412 { 413 static $returns; 414 415 if (!empty($returns[$email])) { 416 return $returns[$email]; 417 } 418 419 $stmt = "SELECT 420 usr_id 421 FROM 422 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "user 423 WHERE 424 usr_email='" . Misc::escapeString($email) . "'"; 425 $res = $GLOBALS["db_api"]->dbh->getOne($stmt); 426 if (PEAR::isError($res)) { 427 Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__); 428 return ""; 429 } else { 430 $returns[$email] = $res; 431 return $res; 432 } 433 } 434 435 436 /** 437 * Method used to check whether an user is set to status active 438 * or not. 439 * 440 * @access public 441 * @param string $status The status of the user 442 * @return boolean 443 */ 444 function isActiveStatus($status) 445 { 446 if ($status == 'active') { 447 return true; 448 } else { 449 return false; 450 } 451 } 452 453 454 /** 455 * Method used to check whether an user is set to status pending 456 * or not. 457 * 458 * @access public 459 * @param string $status The status of the user 460 * @return boolean 461 */ 462 function isPendingStatus($status) 463 { 464 if ($status == 'pending') { 465 return true; 466 } else { 467 return false; 468 } 469 } 470 471 472 /** 473 * Method used to get the list of all active users available in the system 474 * as an associative array of user IDs => user full names. 475 * 476 * @access public 477 * @param integer $prj_id The id of the project to show users from 478 * @param integer $role The role ID of the user 479 * @param boolean $exclude_grouped If users with a group should be excluded 480 * @Param integer $grp_id The ID of the group. 481 * @return array The associative array of users 482 */ 483 function getActiveAssocList($prj_id = false, $role = NULL, $exclude_grouped = false, $grp_id = false) 484 { 485 $grp_id = Misc::escapeInteger($grp_id); 486 $stmt = "SELECT 487 usr_id, 488 usr_full_name 489 FROM 490 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "user"; 491 if ($prj_id != false) { 492 $stmt .= ", 493 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "project_user\n"; 494 } 495 $stmt .= " 496 WHERE 497 usr_status='active' AND 498 usr_id != " . APP_SYSTEM_USER_ID; 499 if ($prj_id != false) { 500 $stmt .= " AND pru_prj_id = " . Misc::escapeInteger($prj_id) . " AND 501 usr_id = pru_usr_id"; 502 if ($role != NULL) { 503 $stmt .= " AND pru_role > $role "; 504 } 505 } 506 if ($grp_id != false) { 507 if ($exclude_grouped == false) { 508 $stmt .= " AND (usr_grp_id IS NULL OR usr_grp_id = $grp_id)"; 509 } else { 510 $stmt .= " AND usr_grp_id = $grp_id"; 511 } 512 } elseif ($exclude_grouped == true) { 513 $stmt .= " AND usr_grp_id IS NULL"; 514 } 515 $stmt .= " 516 ORDER BY 517 usr_full_name ASC"; 518 $res = $GLOBALS["db_api"]->dbh->getAssoc($stmt); 519 if (PEAR::isError($res)) { 520 Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__); 521 return ""; 522 } else { 523 return $res; 524 } 525 } 526 527 528 /** 529 * Method used to get an associative array of the available roles. 530 * 531 * @access public 532 * @return array The list of roles 533 */ 534 function getAssocRoleIDs() 535 { 536 global $roles; 537 reset($roles); 538 $assoc_roles = array(); 539 while (list($key, $value) = each($roles)) { 540 $value = str_replace(" ", "_", strtolower($value)); 541 $assoc_roles[$value] = (integer) $key; 542 } 543 return $assoc_roles; 544 } 545 546 547 /** 548 * Method used to get the full list of roles available in the 549 * system. 550 * 551 * @access public 552 * @param array $exclude_role The list of roles to ignore 553 * @return array The list of roles 554 */ 555 function getRoles($exclude_role = FALSE) 556 { 557 if ($exclude_role == false) { 558 return $GLOBALS['localized_roles']; 559 } else { 560 $roles = $GLOBALS['localized_roles']; 561 if (!is_array($exclude_role)) { 562 $exclude_role = array($exclude_role); 563 } 564 foreach ($exclude_role as $role_title) { 565 unset($roles[User::getRoleID($role_title)]); 566 } 567 568 return $roles; 569 } 570 } 571 572 573 /** 574 * Method used to get the role title for a specific role ID. 575 * 576 * @access public 577 * @param integer $role_id The role ID 578 * @return string The role title 579 */ 580 function getRole($role_id) 581 { 582 return $GLOBALS['localized_roles'][$role_id]; 583 } 584 585 586 /** 587 * Method used to get the role ID for a specific role title. 588 * 589 * @access public 590 * @param string $role_title The role title 591 * @return integer The role ID 592 */ 593 function getRoleID($role_title) 594 { 595 global $roles; 596 597 foreach ($roles as $role_id => $role) { 598 if (strtolower($role) == strtolower($role_title)) { 599 return $role_id; 600 } 601 } 602 } 603 604 605 /** 606 * Method used to get the role for a specific user and project. 607 * 608 * @access public 609 * @param integer $usr_id The user ID 610 * @param integer $prj_id The project ID 611 * @return integer The role ID 612 */ 613 function getRoleByUser($usr_id, $prj_id) 614 { 615 static $returns; 616 617 if ($usr_id == APP_SYSTEM_USER_ID) { 618 return User::getRoleID("Administrator"); 619 } 620 621 if (!empty($returns[$usr_id][$prj_id])) { 622 return $returns[$usr_id][$prj_id]; 623 } 624 625 $stmt = "SELECT 626 pru_role 627 FROM 628 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "project_user 629 WHERE 630 pru_usr_id=" . Misc::escapeInteger($usr_id) . " AND 631 pru_prj_id = " . Misc::escapeInteger($prj_id); 632 $res = $GLOBALS["db_api"]->dbh->getOne($stmt); 633 if (PEAR::isError($res)) { 634 return ""; 635 } else { 636 $returns[$usr_id][$prj_id] = $res; 637 return $res; 638 } 639 } 640 641 642 /** 643 * Method used to get the account details of a specific user. 644 * 645 * @access public 646 * @param integer $usr_id The user ID 647 * @return array The account details 648 */ 649 function getDetails($usr_id) 650 { 651 static $returns; 652 653 if (!empty($returns[$usr_id])) { 654 return $returns[$usr_id]; 655 } 656 657 $stmt = "SELECT 658 * 659 FROM 660 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "user 661 WHERE 662 usr_id=" . Misc::escapeInteger($usr_id); 663 $res = $GLOBALS["db_api"]->dbh->getRow($stmt, DB_FETCHMODE_ASSOC); 664 if (PEAR::isError($res)) { 665 Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__); 666 return ""; 667 } else { 668 $roles = Project::getAssocList($usr_id, false, true); 669 $res["projects"] = @array_keys($roles); 670 $res["roles"] = $roles; 671 $returns[$usr_id] = $res; 672 return $res; 673 } 674 } 675 676 677 /** 678 * Method used to get the full name of the specified user. 679 * 680 * @access public 681 * @param integer $usr_id The user ID 682 * @return string The user' full name 683 */ 684 function getFullName($usr_id) 685 { 686 static $returns; 687 688 if (!is_array($usr_id)) { 689 $items = array($usr_id); 690 } else { 691 $items = $usr_id; 692 } 693 694 $key = md5(serialize($usr_id)); 695 if (!empty($returns[$key])) { 696 return $returns[$key]; 697 } 698 699 if (count($items) < 1) { 700 if (!is_array($usr_id)) { 701 return ''; 702 } else { 703 return array(); 704 } 705 } 706 707 $stmt = "SELECT 708 usr_full_name 709 FROM 710 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "user 711 WHERE 712 usr_id IN (" . implode(', ', Misc::escapeInteger($items)) . ")"; 713 if (!is_array($usr_id)) { 714 $res = $GLOBALS["db_api"]->dbh->getOne($stmt); 715 } else { 716 $res = $GLOBALS["db_api"]->dbh->getCol($stmt); 717 } 718 if (PEAR::isError($res)) { 719 Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__); 720 return ""; 721 } else { 722 $returns[$key] = $res; 723 return $res; 724 } 725 } 726 727 728 /** 729 * Method used to get the email address of the specified user. 730 * 731 * @access public 732 * @param integer $usr_id The user ID or user ids 733 * @return string The user' full name 734 */ 735 function getEmail($usr_id) 736 { 737 static $returns; 738 739 if (!is_array($usr_id)) { 740 $items = array($usr_id); 741 } else { 742 $items = $usr_id; 743 } 744 745 $key = md5(serialize($usr_id)); 746 if (!empty($returns[$key])) { 747 return $returns[$key]; 748 } 749 750 if (count($items) < 1) { 751 if (!is_array($usr_id)) { 752 return ''; 753 } else { 754 return array(); 755 } 756 } 757 758 $stmt = "SELECT 759 usr_email 760 FROM 761 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "user 762 WHERE 763 usr_id IN (" . implode(', ', Misc::escapeInteger($items)) . ")"; 764 if (!is_array($usr_id)) { 765 $res = $GLOBALS["db_api"]->dbh->getOne($stmt); 766 } else { 767 $res = $GLOBALS["db_api"]->dbh->getCol($stmt); 768 } 769 if (PEAR::isError($res)) { 770 Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__); 771 if (!is_array($usr_id)) { 772 return ''; 773 } else { 774 return array(); 775 } 776 } else { 777 $returns[$key] = $res; 778 return $res; 779 } 780 } 781 782 783 /** 784 * Method used to get the group id of the specified user. 785 * 786 * @access public 787 * @param integer $usr_id The user ID 788 * @return string The user' full name 789 */ 790 function getGroupID($usr_id) 791 { 792 static $returns; 793 794 if (!is_array($usr_id)) { 795 $items = array($usr_id); 796 } else { 797 $items = $usr_id; 798 } 799 800 $key = md5(serialize($usr_id)); 801 if (!empty($returns[$key])) { 802 return $returns[$key]; 803 } 804 805 $stmt = "SELECT 806 usr_grp_id 807 FROM 808 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "user 809 WHERE 810 usr_id IN (" . implode(', ', Misc::escapeInteger($items)) . ")"; 811 if (!is_array($usr_id)) { 812 $res = $GLOBALS["db_api"]->dbh->getOne($stmt); 813 } else { 814 $res = $GLOBALS["db_api"]->dbh->getCol($stmt); 815 } 816 if (PEAR::isError($res)) { 817 Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__); 818 return ""; 819 } else { 820 $returns[$key] = $res; 821 return $res; 822 } 823 } 824 825 826 /** 827 * Returns the status of the user associated with the given email address. 828 * 829 * @access public 830 * @param string $email The email address 831 * @return string The user status 832 */ 833 function getStatusByEmail($email) 834 { 835 static $returns; 836 837 if (isset($returns[$email])) { 838 return $returns[$email]; 839 } 840 841 $stmt = "SELECT 842 usr_status 843 FROM 844 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "user 845 WHERE 846 usr_email='" . Misc::escapeString($email) . "'"; 847 $res = $GLOBALS["db_api"]->dbh->getOne($stmt); 848 if (PEAR::isError($res)) { 849 Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__); 850 return ''; 851 } else { 852 $returns[$email] = $res; 853 return $res; 854 } 855 } 856 857 858 /** 859 * Method used to change the status of users, making them inactive 860 * or active. 861 * 862 * @access public 863 * @return boolean 864 */ 865 function changeStatus() 866 { 867 // check if the user being inactivated is the last one 868 $stmt = "SELECT 869 COUNT(*) 870 FROM 871 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "user 872 WHERE 873 usr_status='active'"; 874 $total_active = $GLOBALS["db_api"]->dbh->getOne($stmt); 875 if (($total_active < 2) && ($_POST["status"] == "inactive")) { 876 return false; 877 } 878 879 $items = @implode(", ", Misc::escapeInteger($_POST["items"])); 880 $stmt = "UPDATE 881 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "user 882 SET 883 usr_status='" . $_POST["status"] . "' 884 WHERE 885 usr_id IN ($items)"; 886 $res = $GLOBALS["db_api"]->dbh->query($stmt); 887 if (PEAR::isError($res)) { 888 Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__); 889 return false; 890 } else { 891 return true; 892 } 893 } 894 895 896 /** 897 * Method used to update the account password for a specific user. 898 * 899 * @access public 900 * @param integer $usr_id The user ID 901 * @param boolean $send_notification Whether to send the notification email or not 902 * @return integer 1 if the update worked, -1 otherwise 903 */ 904 function updatePassword($usr_id, $send_notification = FALSE) 905 { 906 if ($_POST['new_password'] != $_POST['confirm_password']) { 907 return -2; 908 } 909 $stmt = "UPDATE 910 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "user 911 SET 912 usr_password='" . Auth::hashPassword($_POST["new_password"]) . "' 913 WHERE 914 usr_id=" . Misc::escapeInteger($usr_id); 915 $res = $GLOBALS["db_api"]->dbh->query($stmt); 916 if (PEAR::isError($res)) { 917 Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__); 918 return -1; 919 } else { 920 if ($send_notification) { 921 Notification::notifyUserPassword($usr_id, $_POST["new_password"]); 922 } 923 return 1; 924 } 925 } 926 927 928 /** 929 * Method used to update the account full name for a specific user. 930 * 931 * @access public 932 * @param integer $usr_id The user ID 933 * @return integer 1 if the update worked, -1 otherwise 934 */ 935 function updateFullName($usr_id) 936 { 937 $stmt = "UPDATE 938 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "user 939 SET 940 usr_full_name='" . Misc::escapeString($_POST["full_name"]) . "' 941 WHERE 942 usr_id=" . Misc::escapeInteger($usr_id); 943 $res = $GLOBALS["db_api"]->dbh->query($stmt); 944 if (PEAR::isError($res)) { 945 Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__); 946 return -1; 947 } else { 948 Notification::notifyUserAccount($usr_id); 949 return 1; 950 } 951 } 952 953 954 /** 955 * Method used to update the account email for a specific user. 956 * 957 * @access public 958 * @param integer $usr_id The user ID 959 * @return integer 1 if the update worked, -1 otherwise 960 */ 961 function updateEmail($usr_id) 962 { 963 $stmt = "UPDATE 964 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "user 965 SET 966 usr_email='" . Misc::escapeString($_POST["email"]) . "' 967 WHERE 968 usr_id=" . Misc::escapeInteger($usr_id); 969 $res = $GLOBALS["db_api"]->dbh->query($stmt); 970 if (PEAR::isError($res)) { 971 Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__); 972 return -1; 973 } else { 974 Notification::notifyUserAccount($usr_id); 975 return 1; 976 } 977 } 978 979 980 /** 981 * Method used to update the account details for a specific user. 982 * 983 * @access public 984 * @return integer 1 if the update worked, -1 otherwise 985 */ 986 function update() 987 { 988 // system account should not be updateable 989 if ($_POST["id"] == APP_SYSTEM_USER_ID) { 990 return 1; 991 } 992 993 $stmt = "UPDATE 994 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "user 995 SET 996 usr_full_name='" . Misc::escapeString($_POST["full_name"]) . "', 997 usr_email='" . Misc::escapeString($_POST["email"]) . "'"; 998 if (!empty($_POST["password"])) { 999 $stmt .= ", 1000 usr_password='" . Auth::hashPassword($_POST["password"]) . "'"; 1001 } 1002 $stmt .= " 1003 WHERE 1004 usr_id=" . Misc::escapeInteger($_POST["id"]); 1005 $res = $GLOBALS["db_api"]->dbh->query($stmt); 1006 if (PEAR::isError($res)) { 1007 Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__); 1008 return -1; 1009 } else { 1010 // update the project associations now 1011 $stmt = "DELETE FROM 1012 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "project_user 1013 WHERE 1014 pru_usr_id=" . Misc::escapeInteger($_POST["id"]); 1015 $res = $GLOBALS["db_api"]->dbh->query($stmt); 1016 if (PEAR::isError($res)) { 1017 Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__); 1018 return -1; 1019 } else { 1020 foreach ($_POST["role"] as $prj_id => $role) { 1021 if ($role < 1) { 1022 continue; 1023 } 1024 $stmt = "INSERT INTO 1025 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "project_user 1026 ( 1027 pru_prj_id, 1028 pru_usr_id, 1029 pru_role 1030 ) VALUES ( 1031 " . $prj_id . ", 1032 " . Misc::escapeInteger($_POST["id"]) . ", 1033 " . $role . " 1034 )"; 1035 $res = $GLOBALS["db_api"]->dbh->query($stmt); 1036 if (PEAR::isError($res)) { 1037 Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__); 1038 return -1; 1039 } 1040 } 1041 } 1042 if (!empty($_POST["password"])) { 1043 Notification::notifyUserPassword($_POST["id"], $_POST["password"]); 1044 } else { 1045 Notification::notifyUserAccount($_POST["id"]); 1046 } 1047 return 1; 1048 } 1049 } 1050 1051 1052 /** 1053 * Method used to add a new user to the system. 1054 * 1055 * @access public 1056 * @return integer 1 if the update worked, -1 otherwise 1057 */ 1058 function insert() 1059 { 1060 $projects = array(); 1061 foreach ($_POST["role"] as $prj_id => $role) { 1062 if ($role < 1) { 1063 continue; 1064 } 1065 $projects[] = $prj_id; 1066 } 1067 $prefs = Prefs::getDefaults($projects); 1068 $stmt = "INSERT INTO 1069 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "user 1070 ( 1071 usr_customer_id, 1072 usr_customer_contact_id, 1073 usr_created_date, 1074 usr_password, 1075 usr_full_name, 1076 usr_email, 1077 usr_preferences 1078 ) VALUES ( 1079 NULL, 1080 NULL, 1081 '" . Date_API::getCurrentDateGMT() . "', 1082 '" . Auth::hashPassword(Misc::escapeString($_POST["password"])) . "', 1083 '" . Misc::escapeString($_POST["full_name"]) . "', 1084 '" . Misc::escapeString($_POST["email"]) . "', 1085 '" . Misc::escapeString($prefs) . "' 1086 )"; 1087 $res = $GLOBALS["db_api"]->dbh->query($stmt); 1088 if (PEAR::isError($res)) { 1089 Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__); 1090 return -1; 1091 } else { 1092 $new_usr_id = $GLOBALS["db_api"]->get_last_insert_id(); 1093 // add the project associations! 1094 foreach ($_POST["role"] as $prj_id => $role) { 1095 if ($role < 1) { 1096 continue; 1097 } 1098 Project::associateUser($prj_id, $new_usr_id, $role); 1099 } 1100 // send email to user 1101 Notification::notifyNewUser($new_usr_id, $_POST["password"]); 1102 return 1; 1103 } 1104 } 1105 1106 1107 /** 1108 * Method used to get the list of users available in the system. 1109 * 1110 * @access public 1111 * @param boolean $show_customers Whether to return customers or not 1112 * @return array The list of users 1113 */ 1114 function getList($show_customers) 1115 { 1116 $stmt = "SELECT 1117 * 1118 FROM 1119 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "user 1120 WHERE 1121 usr_id != " . APP_SYSTEM_USER_ID . " 1122 ORDER BY 1123 usr_status ASC, 1124 usr_full_name ASC"; 1125 $res = $GLOBALS["db_api"]->dbh->getAll($stmt, DB_FETCHMODE_ASSOC); 1126 if (PEAR::isError($res)) { 1127 Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__); 1128 return ""; 1129 } else { 1130 $data = array(); 1131 $count = count($res); 1132 for ($i = 0; $i < $count; $i++) { 1133 $roles = Project::getAssocList($res[$i]['usr_id'], false, true); 1134 $role = current($roles); 1135 $role = $role['pru_role']; 1136 if (($show_customers == false) && ( 1137 ((@$roles[Auth::getCurrentProject()]['pru_role']) == User::getRoleID("Customer")) || 1138 ((count($roles) == 1) && ($role == User::getRoleID("Customer"))))) { 1139 continue; 1140 } 1141 $row = $res[$i]; 1142 $row["roles"] = $roles; 1143 if (!empty($res[$i]["usr_grp_id"])) { 1144 $row["group_name"] = Group::getName($res[$i]["usr_grp_id"]); 1145 } 1146 $data[] = $row; 1147 } 1148 return $data; 1149 } 1150 } 1151 1152 1153 /** 1154 * Method used to get an associative array of the user's email address and 1155 * user ID. 1156 * 1157 * @access public 1158 * @return array The list of users 1159 */ 1160 function getAssocEmailList() 1161 { 1162 static $emails; 1163 1164 if (!empty($emails)) { 1165 return $emails; 1166 } 1167 1168 $stmt = "SELECT 1169 LOWER(usr_email), 1170 usr_id 1171 FROM 1172 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "user"; 1173 $res = $GLOBALS["db_api"]->dbh->getAssoc($stmt); 1174 if (PEAR::isError($res)) { 1175 Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__); 1176 return ""; 1177 } else { 1178 $emails = $res; 1179 return $res; 1180 } 1181 } 1182 1183 1184 /** 1185 * Method used to get an associative array of the user ID and 1186 * full name of the users available in the system. 1187 * 1188 * @access public 1189 * @return array The list of users 1190 */ 1191 function getAssocList() 1192 { 1193 $stmt = "SELECT 1194 usr_id, 1195 usr_full_name 1196 FROM 1197 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "user 1198 ORDER BY 1199 usr_full_name ASC"; 1200 $res = $GLOBALS["db_api"]->dbh->getAssoc($stmt); 1201 if (PEAR::isError($res)) { 1202 Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__); 1203 return ""; 1204 } else { 1205 return $res; 1206 } 1207 } 1208 1209 1210 /** 1211 * Method used to get the full name and email for the specified 1212 * user. 1213 * 1214 * @access public 1215 * @param integer $usr_id The user ID 1216 * @return array The email and full name 1217 */ 1218 function getNameEmail($usr_id) 1219 { 1220 static $returns; 1221 1222 if (!empty($returns[$usr_id])) { 1223 return $returns[$usr_id]; 1224 } 1225 1226 $stmt = "SELECT 1227 usr_full_name, 1228 usr_email 1229 FROM 1230 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "user 1231 WHERE 1232 usr_id=" . Misc::escapeInteger($usr_id); 1233 $res = $GLOBALS["db_api"]->dbh->getRow($stmt, DB_FETCHMODE_ASSOC); 1234 if (PEAR::isError($res)) { 1235 Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__); 1236 return ""; 1237 } else { 1238 $returns[$usr_id] = $res; 1239 return $res; 1240 } 1241 } 1242 1243 1244 /** 1245 * Method used to get the appropriate 'From' header for a 1246 * specified user. 1247 * 1248 * @access public 1249 * @param integer $usr_id The user ID 1250 * @return string The formatted 'From' header 1251 */ 1252 function getFromHeader($usr_id) 1253 { 1254 $info = User::getNameEmail($usr_id); 1255 return $info["usr_full_name"] . " <" . $info["usr_email"] . ">"; 1256 } 1257 1258 1259 /** 1260 * Returns the list of all users who are currently marked as 1261 * clocked-in. 1262 * 1263 * @access public 1264 * @return array The list of clocked-in users 1265 */ 1266 function getClockedInList() 1267 { 1268 $stmt = "SELECT 1269 usr_full_name, 1270 usr_email 1271 FROM 1272 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "user 1273 WHERE 1274 usr_clocked_in=1"; 1275 $res = $GLOBALS["db_api"]->dbh->getAssoc($stmt); 1276 if (PEAR::isError($res)) { 1277 Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__); 1278 return array(); 1279 } else { 1280 return $res; 1281 } 1282 } 1283 1284 1285 /** 1286 * Marks a user as clocked in. 1287 * 1288 * @access public 1289 * @param int $usr_id The id of the user to clock out. 1290 */ 1291 function clockIn($usr_id) 1292 { 1293 $stmt = "UPDATE 1294 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "user 1295 SET 1296 usr_clocked_in = 1 1297 WHERE 1298 usr_id = " . Misc::escapeInteger($usr_id); 1299 $res = $GLOBALS["db_api"]->dbh->query($stmt); 1300 if (PEAR::isError($res)) { 1301 Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__); 1302 return -1; 1303 } 1304 return 1; 1305 } 1306 1307 1308 /** 1309 * Marks a user as clocked out. 1310 * 1311 * @access public 1312 * @param integer $usr_id The id of the user to clock out. 1313 */ 1314 function clockOut($usr_id) 1315 { 1316 $stmt = "UPDATE 1317 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "user 1318 SET 1319 usr_clocked_in = 0 1320 WHERE 1321 usr_id = " . Misc::escapeInteger($usr_id); 1322 $res = $GLOBALS["db_api"]->dbh->query($stmt); 1323 if (PEAR::isError($res)) { 1324 Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__); 1325 return -1; 1326 } 1327 return 1; 1328 } 1329 1330 1331 /** 1332 * Returns true if a user is clocked in. 1333 * 1334 * @access public 1335 * @param integer $usr_id The id of the user to clock out. 1336 * @return boolean True if the user is logged in, false otherwise 1337 */ 1338 function isClockedIn($usr_id) 1339 { 1340 $stmt = "SELECT 1341 usr_clocked_in 1342 FROM 1343 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "user 1344 WHERE 1345 usr_id = " . Misc::escapeInteger($usr_id); 1346 $res = $GLOBALS["db_api"]->dbh->getOne($stmt); 1347 if (PEAR::isError($res)) { 1348 Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__); 1349 return -1; 1350 } 1351 if ($res == 1) { 1352 return true; 1353 } else { 1354 return false; 1355 } 1356 } 1357 1358 1359 /** 1360 * Sets the group ID 1361 * 1362 * @access public 1363 * @param integer $usr_id The id of the user. 1364 * @param integer $grp_id The id of the group. 1365 */ 1366 function setGroupID($usr_id, $grp_id) 1367 { 1368 if ($grp_id == false) { 1369 $grp_id = 'null'; 1370 } else { 1371 $grp_id = Misc::escapeInteger($grp_id); 1372 } 1373 1374 $stmt = "UPDATE 1375 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "user 1376 SET 1377 usr_grp_id = $grp_id 1378 WHERE 1379 usr_id = " . Misc::escapeInteger($usr_id); 1380 $res = $GLOBALS["db_api"]->dbh->query($stmt); 1381 if (PEAR::isError($res)) { 1382 Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__); 1383 return -1; 1384 } 1385 return 1; 1386 } 1387 1388 1389 function getLang($usr_id, $force_refresh = false) 1390 { 1391 static $returns; 1392 1393 $usr_id = Misc::escapeInteger($usr_id); 1394 if ((empty($returns[$usr_id])) || ($force_refresh == true)) { 1395 $sql = "SELECT 1396 usr_lang 1397 FROM 1398 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "user 1399 WHERE 1400 usr_id = $usr_id"; 1401 $res = $GLOBALS["db_api"]->dbh->getOne($sql); 1402 if (PEAR::isError($res)) { 1403 Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__); 1404 return APP_DEFAULT_LOCALE; 1405 } else { 1406 if (empty($res)) { 1407 $res = APP_DEFAULT_LOCALE; 1408 } 1409 $returns[$usr_id] = $res; 1410 } 1411 } 1412 return $returns[$usr_id]; 1413 } 1414 1415 1416 function setLang($usr_id, $language) 1417 { 1418 $sql = "UPDATE 1419 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "user 1420 SET 1421 usr_lang = '" . Misc::escapeString($language) . "' 1422 WHERE 1423 usr_id = " . Misc::escapeInteger($usr_id); 1424 $res = $GLOBALS["db_api"]->dbh->query($sql); 1425 if (PEAR::isError($res)) { 1426 Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__); 1427 return false; 1428 } 1429 return true; 1430 } 1431 1432 1433 function setLocalizedRoles() 1434 { 1435 $GLOBALS['localized_roles'] = array( 1436 1 => ev_gettext("Viewer"), 1437 2 => ev_gettext("Reporter"), 1438 3 => ev_gettext("Customer"), 1439 4 => ev_gettext("Standard User"), 1440 5 => ev_gettext("Developer"), 1441 6 => ev_gettext("Manager"), 1442 7 => ev_gettext("Administrator") 1443 ); 1444 } 1445 1446 } 1447 1448 User::setLocalizedRoles(); 1449 1450 // benchmarking the included file (aka setup time) 1451 if (APP_BENCHMARK) { 1452 $GLOBALS['bench']->setMarker('Included User Class'); 1453 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
Generated: Wed Dec 19 21:21:33 2007 | Cross-referenced by PHPXref 0.7 |