2 // +----------------------------------------------------------------------+
3 // | Anuko Time Tracker
4 // +----------------------------------------------------------------------+
5 // | Copyright (c) Anuko International Ltd. (https://www.anuko.com)
6 // +----------------------------------------------------------------------+
7 // | LIBERAL FREEWARE LICENSE: This source code document may be used
8 // | by anyone for any purpose, and freely redistributed alone or in
9 // | combination with other software, provided that the license is obeyed.
11 // | There are only two ways to violate the license:
13 // | 1. To redistribute this code in source form, with the copyright
14 // | notice or license removed or altered. (Distributing in compiled
15 // | forms without embedded copyright notices is permitted).
17 // | 2. To redistribute modified versions of this code in *any* form
18 // | that bears insufficient indications that the modifications are
19 // | not the work of the original author(s).
21 // | This license applies to this document only, not any other software
22 // | that it may be combined with.
24 // +----------------------------------------------------------------------+
26 // | https://www.anuko.com/time_tracker/credits.htm
27 // +----------------------------------------------------------------------+
29 import('ttUserHelper');
30 import('ttRoleHelper');
32 // ttRegistrator class is used to register a user in Time Tracker.
34 var $user_name = null; // User name.
35 var $login = null; // User login.
36 var $password = null; // User password.
37 var $email = null; // User email.
38 var $group_name = null; // Group name.
39 var $currency = null; // Currency.
40 var $lang = null; // Language.
41 var $created_by_id = null; // User, who uses the instance.
42 // Currently, there are 2 possibilities:
43 // 1) Self-registration, or null here.
44 // 2) Registration by admin with a user_id.
45 var $group_id = null; // Group id, set after we create a group.
46 var $org_id = null; // Organization id, the same as group_id (top group in org).
47 var $role_id = null; // Role id for top managers.
48 var $user_id = null; // User id after registration.
49 var $err = null; // Error object, passed to us as reference.
50 // We use it to communicate errors to caller.
53 function __construct($fields, &$err) {
54 $this->user_name = $fields['user_name'];
55 $this->login = $fields['login'];
56 $this->password1 = $fields['password1'];
57 $this->password2 = $fields['password2'];
58 $this->email = $fields['email'];
59 $this->group_name = $fields['group_name'];
60 $this->currency = $fields['currency'];
61 $this->lang = $fields['lang'];
62 if (!$this->lang) $this->lang = 'en';
63 $this->created_by_id = (int) $fields['created_by_id'];
66 // Validate passed in parameters.
73 if (!ttValidString($this->group_name))
74 $this->err->add($i18n->get('error.field'), $i18n->get('label.group_name'));
75 if (!ttValidString($this->currency, true))
76 $this->err->add($i18n->get('error.field'), $i18n->get('label.currency'));
77 if (!ttValidString($this->user_name))
78 $this->err->add($i18n->get('error.field'), $i18n->get('label.manager_name'));
79 if (!ttValidString($this->login))
80 $this->err->add($i18n->get('error.field'), $i18n->get('label.manager_login'));
81 if (!ttValidString($this->password1))
82 $this->err->add($i18n->get('error.field'), $i18n->get('label.password'));
83 if (!ttValidString($this->password2))
84 $this->err->add($i18n->get('error.field'), $i18n->get('label.confirm_password'));
85 if ($this->password1 !== $this->password2)
86 $this->err->add($i18n->get('error.not_equal'), $i18n->get('label.password'), $i18n->get('label.confirm_password'));
87 if (!ttValidEmail($this->email, true))
88 $this->err->add($i18n->get('error.field'), $i18n->get('label.email'));
89 if (!ttUserHelper::canAdd())
90 $this->err->add($i18n->get('error.user_count'));
93 // The register function registers a user in Time Tracker.
95 if ($this->err->yes()) return false; // There are errors, do not proceed.
100 // Protection from too many recent bot registrations from user IP.
101 if (!$this->created_by_id) { // No problems for logged in user (site admin).
102 if ($this->registeredRecently()) {
103 $this->err->add($i18n->get('error.access_denied'));
108 import('ttUserHelper');
109 if (ttUserHelper::getUserByLogin($this->login)) {
110 // User login already exists.
111 $this->err->add($i18n->get('error.user_exists'));
115 // Create a new group.
116 $this->group_id = $this->createGroup();
117 $this->org_id = $this->group_id;
118 if (!$this->group_id) {
119 $this->err->add($i18n->get('error.db'));
123 if (!ttRoleHelper::createPredefinedRoles($this->group_id, $this->lang)) {
124 $err->add($i18n->get('error.db'));
127 $this->role_id = ttRoleHelper::getTopManagerRoleID();
128 $this->user_id = $this->createUser();
130 if (!$this->user_id) {
131 $this->err->add($i18n->get('error.db'));
135 // Set created_by appropriately.
136 $created_by = $this->created_by_id ? $this->created_by_id : $this->user_id;
137 if (!$this->setCreatedBy($created_by))
143 // The createGroup function creates a group in Time Tracker as part
144 // of user registration process. This is a top group for user as top manager.
145 function createGroup() {
146 $mdb2 = getConnection();
148 $name = $mdb2->quote($this->group_name);
149 $currency = $mdb2->quote($this->currency);
150 $lang = $mdb2->quote($this->lang);
152 $created_ip = $mdb2->quote($_SERVER['REMOTE_ADDR']);
154 $sql = "insert into tt_groups (name, currency, lang, created, created_ip) values($name, $currency, $lang, $created, $created_ip)";
155 $affected = $mdb2->exec($sql);
156 if (is_a($affected, 'PEAR_Error')) return false;
158 $group_id = $mdb2->lastInsertID('tt_groups', 'id');
160 // Update org_id with group_id.
161 $sql = "update tt_groups set org_id = $group_id where org_id is NULL and id = $group_id";
162 $affected = $mdb2->exec($sql);
163 if (is_a($affected, 'PEAR_Error')) return false;
168 // The createUser creates a user in database as part of registration process.
169 function createUser() {
170 $mdb2 = getConnection();
172 $login = $mdb2->quote($this->login);
173 $password = 'md5('.$mdb2->quote($this->password1).')';
174 $name = $mdb2->quote($this->user_name);
175 $email = $mdb2->quote($this->email);
177 $created_ip = $mdb2->quote($_SERVER['REMOTE_ADDR']);
178 $values = "values($login, $password, $name, $this->group_id, $this->org_id, $this->role_id, $email, $created, $created_ip)";
180 $sql = 'insert into tt_users (login, password, name, group_id, org_id, role_id, email, created, created_ip) '.$values;
181 $affected = $mdb2->exec($sql);
182 if (!is_a($affected, 'PEAR_Error')) {
183 $user_id = $mdb2->lastInsertID('tt_users', 'id');
189 // The setCreatedBy sets created_by field for both group and user to passed in user_id.
190 private function setCreatedBy($user_id) {
191 if ($this->err->yes()) return false; // There are errors, do not proceed.
194 $mdb2 = getConnection();
197 $sql = "update tt_groups set created_by = $user_id where id = $this->group_id and org_id = $this->org_id";
198 $affected = $mdb2->exec($sql);
199 if (is_a($affected, 'PEAR_Error')) {
200 $this->err->add($i18n->get('error.db'));
204 // Update top manager.
205 $sql = "update tt_users set created_by = $user_id where id = $this->user_id and group_id = $this->group_id and org_id = $this->org_id";
206 $affected = $mdb2->exec($sql);
207 if (is_a($affected, 'PEAR_Error')) {
208 $this->err->add($i18n->get('error.db'));
215 // registeredRecently determines if we already have a successful recent registration from user IP.
216 // "recent" means "within the last minute" and is set in a query by the following condition:
217 // "and created > now() - interval 1 minute". Change if necessary.
218 function registeredRecently() {
219 $mdb2 = getConnection();
221 $ip_part = ' created_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']);
222 $sql = 'select created from tt_groups where '.$ip_part.' and created > now() - interval 1 minute';
223 $res = $mdb2->query($sql);
224 if (is_a($res, 'PEAR_Error'))
226 $val = $res->fetchRow();