sql.users.class.inc

groupoffice

<?php
/**
* @copyright Intermesh 2003
* @author Merijn Schering <mschering@intermesh.nl>
* @version $Revision: 1.63 $ $Date: 2006/03/28 15:02:29 $3
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.
 */
 
 require_once($GO_CONFIG->class_path.'base/base.users.class.inc');
 
 /**
 * This is the SQL class of the user management class family
 *
 * @package Framework
 * @author   Merijn Schering <mschering@intermesh.nl>
 * @since    Group-Office 2.05
 */
 
class sql_users extends base_users
{
  /**
   * Calls the constructor of the parent users class
   *
   * @access public 
   * @return void
   */
	function sql_users()
	{
		$this->base_users();
	}

  /**
   * This function returns an array of the fields that can be used as search
   * criterias for users.
   * 
   * @access public 
   * @param void 
   * @return array
   */
	function get_search_fields() {
		global $strFirstName, $strLastName, $strEmail,
		$strCompany, $strDepartment, $strFunction,
		$strAddress, $strCity, $strZip, $strCountry, $strState,
		$strWorkAddress, $strWorkZip, $strWorkCity, $strWorkState,
		$strWorkCountry, $strSearchAll;
		
		$searchfields[] = array( '',  $strSearchAll );
		$searchfields[] = array( 'first_name',  $strFirstName );
		$searchfields[] = array( 'last_name',   $strLastName );
		$searchfields[] = array( 'email',	    $strEmail );
		$searchfields[] = array( 'company',	    $strCompany );
		$searchfields[] = array( 'department',  $strDepartment );
		$searchfields[] = array( 'function',    $strFunction );
		$searchfields[] = array( 'address',	    $strAddress );
		$searchfields[] = array( 'city',	    $strCity );
		$searchfields[] = array( 'zip',	    $strZip );
		$searchfields[] = array( 'state',	    $strState );
		$searchfields[] = array( 'country',	    $strCountry );
		$searchfields[] = array( 'work_address',$strWorkAddress );
		$searchfields[] = array( 'work_cip',    $strWorkZip );
		$searchfields[] = array( 'work_city',   $strWorkCity );
		$searchfields[] = array( 'work_state',  $strWorkState );
		$searchfields[] = array( 'work_country',$strWorkCountry );
		return $searchfields;
	}
	
  /**
   * This function searches for users with the given search field.
   * 
   * @access public
   * 
   * @param string $query
   * @param string $field
   * @param int $user_id
   * @param int $start
   * @param int $offset
   * 
   * @return array
   */
	function search($query, $field, $user_id=0, $start=0, $offset=0, $sort="name", $sort_direction='ASC')
	{
		if($sort == 'name')
		{
			if($_SESSION['GO_SESSION']['sort_name'] == 'first_name')
			{
				$sort = 'first_name ASC, last_name ';
			}else
			{
				$sort = 'last_name ASC, first_name ';
			}
		}			
		
		if($user_id > 0)
		{
				$sql = "SELECT DISTINCT users.* FROM users  INNER JOIN acl ON users.acl_id = acl.acl_id ".
				"LEFT JOIN users_groups ON acl.group_id = users_groups.group_id ".
				"WHERE (acl.user_id=$user_id ".
				"OR users_groups.user_id=$user_id) AND ";
		}else
		{
			$sql = "SELECT * FROM users WHERE ";
		}

		if($field == '')
		{
			$fields_sql = "SHOW FIELDS FROM users";
			$this->query($fields_sql);
			while($this->next_record())
			{
				if(eregi('varchar', $this->f('Type')))
				{
					if(isset($first))
					{
						$sql .= ' OR ';
					}else
					{
						$first = true;
						$sql .= '(';
					}
					$sql .= "users.".$this->f('Field')." LIKE '$query'";
				}
			}
			$sql .= ')';
		}else
		{
			$sql .= "$field LIKE '$query' ";
		}

		$sql .= " ORDER BY $sort $sort_direction";
		$this->query($sql);
		$count = $this->num_rows();

		if ($offset != 0)
		{
			$sql .= " LIMIT $start, $offset";
			$this->query($sql);
		}

		return $count;
	}

	function authorize($requesting_user_id, $authcode, $accepting_user_id)
	{
		global $GO_SECURITY;

		$this->query("SELECT acl_id, id FROM users WHERE authcode='".
				smart_addslashes($authcode)."' AND id='$requesting_user_id'");
		if ($this->next_record())
		{
			$acl_id = $this->f("acl_id");
			if (!$GO_SECURITY->user_in_acl($accepting_user_id, $acl_id))
			{
				if (!$GO_SECURITY->add_user_to_acl($accepting_user_id,$acl_id))
				{
					return false;
				}
			}
			$this->query("SELECT acl_id FROM users WHERE id='$accepting_user_id'");
			if ($this->next_record())
			{
				$acl_id = $this->f("acl_id");
				if (!$GO_SECURITY->user_in_acl($requesting_user_id, $acl_id))
				{
					if (!$GO_SECURITY->add_user_to_acl($requesting_user_id,$acl_id))
					{
						return false;
					}
				}
			}
			return true;
		}else
		{
			return false;
		}
	}

	function get_users($sort="name",$direction="ASC", $start=0, $offset=0)
	{
		if ($sort == 'name')
		{
			if(!isset($_SESSION['GO_SESSION']['sort_name']) ||  $_SESSION['GO_SESSION']['sort_name'] == 'first_name')
			{
				$sort = 'first_name '.$direction.', last_name';
			}else
			{
				$sort = 'last_name '.$direction.', first_name';
			}
			//      $sort = 'first_name '.$direction.', last_name';
		}
		$count=0;
		$this->query("SELECT id FROM users");
		if ($this->next_record())
		{
			$count = $this->num_rows();
		}

		if ($count > 0)
		{
			$sql = "SELECT * FROM users ORDER BY ".$sort." ".$direction;

			if ($offset != 0)
			{
				$sql .= " LIMIT $start,$offset";
			}
			$this->query($sql);
		}
		return $count;
	}

	function get_authorized_users($user_id, $sort="name",$direction="ASC")
	{
		if ($sort == 'users.name' || $sort=='name')
		{
			if($_SESSION['GO_SESSION']['sort_name'] == 'first_name')
			{
				$sort = 'users.first_name '.$direction.', users.last_name';
			}else
			{
				$sort = 'users.last_name '.$direction.', users.first_name';
			}
			//      $sort = 'users.first_name '.$direction.', users.last_name';
		}
		$sql = "SELECT DISTINCT users.* FROM users ".
		"INNER JOIN acl ON users.acl_id= acl.acl_id ".
		"LEFT JOIN users_groups ON (acl.group_id = users_groups.group_id) ".
		"WHERE users_groups.user_id=".$user_id." OR ".
		"acl.user_id = ".$user_id." ORDER BY ".$sort." ".$direction;

		$this->query($sql);
		return $this->num_rows();
	}

	function get_user_by_email($email)
	{
		$email = get_email_from_string($email);
		$sql = "SELECT * FROM users WHERE email='$email'";
		$this->query($sql);
		if ($this->next_record(MYSQL_ASSOC))
		{
			return $this->Record;
		}
		return false;
	}

	/*function get_user_id_by_email($email)
	{
		$sql = "SELECT id FROM users WHERE email='$email'";
		$this->query($sql);
		if ($this->next_record())
		{
			return $this->f("id");
		}
		return false;
	}*/

	function check_password($password)
	{
		$this->query("SELECT id FROM users WHERE password='".md5($password).
		"' AND id='".$_SESSION['GO_SESSION']['user_id']."'");
		if ($this->num_rows() > 0)
		{
			return true;
		}
		return false;
	}

	function get_user($user_id)
	{
		$sql = "SELECT * FROM users WHERE id='$user_id'";
		$this->query( $sql );
		if ($this->next_record(MYSQL_ASSOC))
		{
			return $this->Record;
		}
		return false;
	}
	
		/**
	 * This function updates all userdata based on the given parameters.
	 * 
	 * @access public
	 *
	 * @return bool True on success
	 */
	 
	function update_user(
		$user, 
		$user_groups=null, 
		$visible_user_groups=null, 
		$modules_read=null, 
		$modules_write=null)
	{
		global $GO_MODULES, $GO_SECURITY, $GO_GROUPS;
		
		if($this->update_profile($user))
		{
			$GO_MODULES->get_modules();
		  while ($GO_MODULES->next_record())
		  {
		  	if(isset($modules_read))
		  	{
			    $could_read = $GO_SECURITY->has_permission($user['id'], $GO_MODULES->f('acl_read'));
			    $can_read =  in_array($GO_MODULES->f('id'), $modules_read);

			    if ($could_read && !$can_read)
			    {
			      $GO_SECURITY->delete_user_from_acl($user['id'], $GO_MODULES->f('acl_read'));
			    }

			    if ($can_read && !$could_read)
			    {
			      $GO_SECURITY->add_user_to_acl($user['id'], $GO_MODULES->f('acl_read'));
			    }
			  }
				
				if(isset($modules_write))
				{
			    $could_write = $GO_SECURITY->has_permission($user['id'], $GO_MODULES->f('acl_write'));
			  	$can_write =  in_array($GO_MODULES->f('id'), $modules_write);

			    if ($could_write && !$can_write)
			    {
			      $GO_SECURITY->delete_user_from_acl($user['id'], $GO_MODULES->f('acl_write'));
			    }

			    if ($can_write && !$could_write)
			    {
			      $GO_SECURITY->add_user_to_acl($user['id'], $GO_MODULES->f('acl_write'));
			    }
			  }
		  }
			
			 //make sure we have user['acl_id']
			$user = $this->get_user($user['id']);
			
			
		  $GO_GROUPS->get_groups();
		  $groups2 = new $GLOBALS['go_groups_class']();
		  while($GO_GROUPS->next_record())
		  {
		  	if(isset($user_groups))
		  	{
			    $is_in_group = $groups2->is_in_group($user['id'], $GO_GROUPS->f('id'));
			    $should_be_in_group = in_array($GO_GROUPS->f('id'), $user_groups);

			    if ($is_in_group && !$should_be_in_group)
			    {
			      $groups2->delete_user_from_group($user['id'], $GO_GROUPS->f('id'));
			    }

			    if (!$is_in_group && $should_be_in_group)
			    {
			      $groups2->add_user_to_group($user['id'], $GO_GROUPS->f('id'));
			    }
			  }
		    
		    if(isset($visible_user_groups))
		  	{
	 		    $group_is_visible = $GO_SECURITY->group_in_acl($GO_GROUPS->f('id'), $user['acl_id']);
			    $group_should_be_visible = in_array($GO_GROUPS->f('id'), $visible_user_groups);
			    
			    if ($group_is_visible && !$group_should_be_visible)
			    {
			      $GO_SECURITY->delete_group_from_acl($GO_GROUPS->f('id'), $user['acl_id']);
			    }

			    if (!$group_is_visible  && $group_should_be_visible)
			    {
			      $GO_SECURITY->add_group_to_acl($GO_GROUPS->f('id'), $user['acl_id']);
			    }		    
			   }
		  }
			return true;
		}
		return false;
	}