X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=WEB-INF%2Flib%2FttUserHelper.class.php;h=521bc8b7a0a228b5cbaa04c3cc875a934a2a9517;hb=47676f16efdde0b36a4ed09d2ab0476584aeb2a6;hp=a1c89c0bfa8bcbebcfc376518dee885fd37fefba;hpb=9a23a8c0a51b7ec38a96f525484134f3cb85dc7e;p=timetracker.git diff --git a/WEB-INF/lib/ttUserHelper.class.php b/WEB-INF/lib/ttUserHelper.class.php index a1c89c0b..521bc8b7 100644 --- a/WEB-INF/lib/ttUserHelper.class.php +++ b/WEB-INF/lib/ttUserHelper.class.php @@ -30,26 +30,11 @@ import('ttTeamHelper'); // Class ttUserHelper contains helper functions for operations with users. class ttUserHelper { - - // The getUserDetails function returns user details. - static function getUserDetails($user_id) { - $result = array(); - $mdb2 = getConnection(); - $sql = "select * from tt_users where id = $user_id"; - $res = $mdb2->query($sql); - - if (!is_a($res, 'PEAR_Error')) { - $val = $res->fetchRow(); - return $val; - } - return false; - } - // The getUserName function returns user name. static function getUserName($user_id) { - $mdb2 = getConnection(); - + $mdb2 = getConnection(); + $sql = "select name from tt_users where id = $user_id and (status = 1 or status = 0)"; $res = $mdb2->query($sql); @@ -81,10 +66,10 @@ class ttUserHelper { $sql = "select login, count(*) as cnt from tt_users where email = ".$mdb2->quote($email)." and status = 1 group by email"; $res = $mdb2->query($sql); - - if (is_a($res, 'PEAR_Error')) + + if (is_a($res, 'PEAR_Error')) return false; - + $val = $res->fetchRow(); if (1 <> $val['cnt']) { // We either have no users or multiple users with a given email. @@ -92,11 +77,11 @@ class ttUserHelper { } return $val['login']; } - + // The getUserIdByTmpRef obtains user id from a temporary reference (used for password resets). static function getUserIdByTmpRef($ref) { $mdb2 = getConnection(); - + $sql = "select user_id from tt_tmp_refs where ref = ".$mdb2->quote($ref); $res = $mdb2->query($sql); @@ -109,14 +94,14 @@ class ttUserHelper { // insert - inserts a user into database. static function insert($fields, $hash = true) { - $mdb2 = getConnection(); + global $user; + $mdb2 = getConnection(); $password = $mdb2->quote($fields['password']); if($hash) $password = 'md5('.$password.')'; $email = isset($fields['email']) ? $fields['email'] : ''; - $team_id = (int) $fields['team_id']; - $role = (int) $fields['role']; + $group_id = (int) $fields['group_id']; $rate = str_replace(',', '.', isset($fields['rate']) ? $fields['rate'] : 0); if($rate == '') $rate = 0; @@ -124,12 +109,14 @@ class ttUserHelper { $status_f = ', status'; $status_v = ', '.$mdb2->quote($fields['status']); } + $created_ip_v = ', '.$mdb2->quote($_SERVER['REMOTE_ADDR']); + $created_by_v = ', '.$mdb2->quote($user->id); - $sql = "insert into tt_users (name, login, password, team_id, role, client_id, rate, email $status_f) values (". + $sql = "insert into tt_users (name, login, password, group_id, role_id, client_id, rate, email, created, created_ip, created_by $status_f) values (". $mdb2->quote($fields['name']).", ".$mdb2->quote($fields['login']). - ", $password, $team_id, $role, ".$mdb2->quote($fields['client_id']).", $rate, ".$mdb2->quote($email)." $status_v)"; + ", $password, $group_id, ".$mdb2->quote($fields['role_id']).", ".$mdb2->quote($fields['client_id']).", $rate, ".$mdb2->quote($email).", now() $created_ip_v $created_by_v $status_v)"; $affected = $mdb2->exec($sql); - + // Now deal with project assignment. if (!is_a($affected, 'PEAR_Error')) { $sql = "SELECT LAST_INSERT_ID() AS last_id"; @@ -154,12 +141,12 @@ class ttUserHelper { } return false; } - + // update - updates a user in database. static function update($user_id, $fields) { - global $user; + global $user; $mdb2 = getConnection(); - + // Check parameters. if (!$user_id || !isset($fields['login'])) return false; @@ -167,33 +154,35 @@ class ttUserHelper { // Prepare query parts. if (isset($fields['password'])) $pass_part = ', password = md5('.$mdb2->quote($fields['password']).')'; - if (right_assign_roles & $user->rights) { - if (isset($fields['role'])) { - $role = (int) $fields['role']; - $role_part = ", role = $role"; + if (in_array('manage_users', $user->rights)) { + if (isset($fields['role_id'])) { + $role_id = (int) $fields['role_id']; + $role_id_part = ", role_id = $role_id"; } if (array_key_exists('client_id', $fields)) // Could be NULL. $client_part = ", client_id = ".$mdb2->quote($fields['client_id']); } - + if (array_key_exists('rate', $fields)) { $rate = str_replace(',', '.', isset($fields['rate']) ? $fields['rate'] : 0); if($rate == '') $rate = 0; $rate_part = ", rate = ".$mdb2->quote($rate); } - + if (isset($fields['status'])) { $status = (int) $fields['status']; $status_part = ", status = $status"; } - + + $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id); + $sql = "update tt_users set login = ".$mdb2->quote($fields['login']). "$pass_part, name = ".$mdb2->quote($fields['name']). - "$role_part $client_part $rate_part $status_part, email = ".$mdb2->quote($fields['email']). + "$role_id_part $client_part $rate_part $modified_part $status_part, email = ".$mdb2->quote($fields['email']). " where id = $user_id"; $affected = $mdb2->exec($sql); if (is_a($affected, 'PEAR_Error')) return false; - + if (array_key_exists('projects', $fields)) { // Deal with project assignments. // Note: we cannot simply delete old project binds and insert new ones because it screws up reporting @@ -202,9 +191,9 @@ class ttUserHelper { // otherwise de-activate the bind (set its status to inactive). This will keep the bind // and its rate in database for reporting. - $all_projects = ttTeamHelper::getAllProjects($user->team_id); + $all_projects = ttTeamHelper::getAllProjects($user->group_id); $assigned_projects = isset($fields['projects']) ? $fields['projects'] : array(); - + foreach($all_projects as $p) { // Determine if a project is assigned. $assigned = false; @@ -245,108 +234,14 @@ class ttUserHelper { } return true; } - - // markDeleted - marks user and its associated things as deleted. - static function markDeleted($user_id) { - $mdb2 = getConnection(); - global $user; - - // Preliminary checks. Only managers, co-managers, and admin can do this. - if (!$user->canManageTeam() && !$user->isAdmin()) - return false; - - // Tho logic is different depending on who is doint the operation. - // Co-manage and admin - mark user deleted. - // Manager - mark user deleted. If manager is the only account in team, mark team items deleted. - // admin part. - if ($user->isAdmin()) { - // Mark user binds as deleted. - $sql = "update tt_user_project_binds set status = NULL where user_id = $user_id"; - $affected = $mdb2->exec($sql); - if (is_a($affected, 'PEAR_Error')) - return false; - - // Mark user as deleted. - $sql = "update tt_users set status = NULL where id = $user_id"; - $affected = $mdb2->exec($sql); - if (is_a($affected, 'PEAR_Error')) - return false; - - } else if ($user->isCoManager()) { - // Mark user binds as deleted. - $sql = "update tt_user_project_binds set status = NULL where user_id = $user_id"; - $affected = $mdb2->exec($sql); - if (is_a($affected, 'PEAR_Error')) - return false; - - // Mark user as deleted. - $sql = "update tt_users set status = NULL where id = $user_id and team_id = ".$user->team_id; - $affected = $mdb2->exec($sql); - if (is_a($affected, 'PEAR_Error')) - return false; - - } else if ($user->isManager()) { - $user_count = ttTeamHelper::getUserCount($user->team_id); - - // Marking deleted a manager with active users is not allowed. - if (($user_id == $user->id) && ($user_count > 1)) - return false; - - if (1 == $user_count) { - // Mark tasks deleted. - if (!ttTeamHelper::markTasksDeleted($user->team_id)) - return false; - - // Mark projects deleted. - $sql = "update tt_projects set status = NULL where team_id = $user->team_id"; - $affected = $mdb2->exec($sql); - if (is_a($affected, 'PEAR_Error')) - return false; - - // Mark clients deleted. - $sql = "update tt_clients set status = NULL where team_id = $user->team_id"; - $affected = $mdb2->exec($sql); - if (is_a($affected, 'PEAR_Error')) - return false; - - // Mark custom fields deleted. - $sql = "update tt_custom_fields set status = NULL where team_id = $user->team_id"; - $affected = $mdb2->exec($sql); - if (is_a($affected, 'PEAR_Error')) - return false; - - // Mark team deleted. - $sql = "update tt_teams set status = NULL where id = $user->team_id"; - $affected = $mdb2->exec($sql); - if (is_a($affected, 'PEAR_Error')) - return false; - - } - - // Mark user binds as deleted. - $sql = "update tt_user_project_binds set status = NULL where user_id = $user_id"; - $affected = $mdb2->exec($sql); - if (is_a($affected, 'PEAR_Error')) - return false; - - // Mark user as deleted. - $sql = "update tt_users set status = NULL where id = $user_id and team_id = ".$user->team_id; - $affected = $mdb2->exec($sql); - if (is_a($affected, 'PEAR_Error')) - return false; - } - - return true; - } - // The delete function permanently deletes a user and all associated data. static function delete($user_id) { $mdb2 = getConnection(); // Delete custom field log entries for user, if we have them. - $sql = "delete from tt_custom_field_log where log_id in - (select id from tt_log where user_id = $user_id)"; + $sql = "delete from tt_custom_field_log where log_id in + (select id from tt_log where user_id = $user_id)"; $affected = $mdb2->exec($sql); if (is_a($affected, 'PEAR_Error')) return false; @@ -356,7 +251,7 @@ class ttUserHelper { $affected = $mdb2->exec($sql); if (is_a($affected, 'PEAR_Error')) return false; - + // Delete expense items for user. $sql = "delete from tt_expense_items where user_id = $user_id"; $affected = $mdb2->exec($sql); @@ -376,7 +271,7 @@ class ttUserHelper { return false; // Clean up tt_fav_reports table. - $sql = "delete from tt_fav_reports where user_id = $user_id"; + $sql = "delete from tt_fav_reports where user_id = $user_id"; $affected = $mdb2->exec($sql); if (is_a($affected, 'PEAR_Error')) return false; @@ -386,55 +281,55 @@ class ttUserHelper { $affected = $mdb2->exec($sql); if (is_a($affected, 'PEAR_Error')) return false; - + return true; } - + // The saveTmpRef saves a temporary reference for user that is used to reset user password. static function saveTmpRef($ref, $user_id) { $mdb2 = getConnection(); - - $sql = "delete from tt_tmp_refs where timestamp + 86400 < now()"; + + $sql = "delete from tt_tmp_refs where created < now() - interval 1 hour"; $affected = $mdb2->exec($sql); - $sql = "insert into tt_tmp_refs (ref, user_id) values(".$mdb2->quote($ref).", $user_id)"; + $sql = "insert into tt_tmp_refs (created, ref, user_id) values(now(), ".$mdb2->quote($ref).", $user_id)"; $affected = $mdb2->exec($sql); } - + // The setPassword function updates password for user. static function setPassword($user_id, $password) { $mdb2 = getConnection(); - + $sql = "update tt_users set password = md5(".$mdb2->quote($password).") where id = $user_id"; $affected = $mdb2->exec($sql); - + return (!is_a($affected, 'PEAR_Error')); } - + // insertBind - inserts a user to project bind into tt_user_project_binds table. static function insertBind($user_id, $project_id, $rate, $status) { $mdb2 = getConnection(); - + $sql = "insert into tt_user_project_binds (user_id, project_id, rate, status) values($user_id, $project_id, ".$mdb2->quote($rate).", $status)"; $affected = $mdb2->exec($sql); return (!is_a($affected, 'PEAR_Error')); } - + // deleteBind - deactivates user to project bind when time entries exist, - // otherwise deletes it entirely. + // otherwise deletes it entirely. static function deleteBind($user_id, $project_id) { $mdb2 = getConnection(); - + $sql = "select count(*) as cnt from tt_log where user_id = $user_id and project_id = $project_id and status = 1"; $res = $mdb2->query($sql); if (is_a($res, 'PEAR_Error')) die ($res->getMessage()); - + $count = 0; $val = $res->fetchRow(); $count = $val['cnt']; - + if ($count > 0) { // Deactivate user bind. $sql = "select id from tt_user_project_binds where user_id = $user_id and project_id = $project_id"; @@ -442,7 +337,7 @@ class ttUserHelper { if (is_a($res, 'PEAR_Error')) die ($res->getMessage()); if ($val = $res->fetchRow()) { $sql = "update tt_user_project_binds set status = 0 where id = ".$val['id']; - $affected = $mdb2->exec($sql); + $affected = $mdb2->exec($sql); if (is_a($affected, 'PEAR_Error')) die ($res->getMessage()); } } else { @@ -450,8 +345,16 @@ class ttUserHelper { $sql = "delete from tt_user_project_binds where user_id = $user_id and project_id = $project_id"; $affected = $mdb2->exec($sql); if (is_a($affected, 'PEAR_Error')) die ($res->getMessage()); - } + } return true; } + + // updateLastAccess - updates last access info for user in db. + static function updateLastAccess() { + global $user; + $mdb2 = getConnection(); + $accessed_ip = $mdb2->quote($_SERVER['REMOTE_ADDR']); + $sql = "update tt_users set accessed = now(), accessed_ip = $accessed_ip where id = $user->id"; + $mdb2->exec($sql); + } } -?> \ No newline at end of file