From 725af06a89e5a7014dfdc9081222f313a58a6bb6 Mon Sep 17 00:00:00 2001
From: Nik Okuntseff <support@anuko.com>
Date: Fri, 9 Nov 2018 19:24:35 +0000
Subject: [PATCH] Some refactoring and cleanup in ttRegistrator class.

---
 WEB-INF/lib/ttRegistrator.class.php | 21 ++++++++++++++-------
 WEB-INF/templates/footer.tpl        |  2 +-
 admin_group_add.php                 |  5 ++---
 3 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/WEB-INF/lib/ttRegistrator.class.php b/WEB-INF/lib/ttRegistrator.class.php
index c206881d..8e755837 100644
--- a/WEB-INF/lib/ttRegistrator.class.php
+++ b/WEB-INF/lib/ttRegistrator.class.php
@@ -35,7 +35,12 @@ class ttRegistrator {
   var $group_name = null; // Group name.
   var $currency = null;   // Currency.
   var $lang = null;       // Language.
+  var $created_by_id = null; // User, who uses the instance.
+                             // Currently, there are 2 possibilities:
+                             // 1) Self-registration, or null here.
+                             // 2) Registration by admin with a user_id.
   var $group_id = null;   // Group id, set after we create a group.
+  var $org_id = null;     // Organization id, the same as group_id (top group in org).
   var $role_id = null;    // Role id for top managers.
   var $user_id = null;    // User id after registration.
   var $err = null;        // Error object, passed to us as reference.
@@ -52,6 +57,7 @@ class ttRegistrator {
     $this->currency = $fields['currency'];
     $this->lang = $fields['lang'];
     if (!$this->lang) $this->lang = 'en';
+    $this->created_by_id = (int) $fields['created_by_id'];
     $this->err = $err;
 
     // Validate passed in parameters.
@@ -87,7 +93,7 @@ class ttRegistrator {
     global $user;
 
     // Protection from too many recent bot registrations from user IP.
-    if (!$user->can('administer_site')) { // No problems for site admin.
+    if (!$this->created_by_id) { // No problems for logged in user (site admin).
       if ($this->registeredRecently()) {
         $this->err->add($i18n->get('error.access_denied'));
         return false;
@@ -103,6 +109,7 @@ class ttRegistrator {
 
     // Create a new group.
     $this->group_id = $this->createGroup();
+    $this->org_id = $this->group_id;
     if (!$this->group_id) {
       $this->err->add($i18n->get('error.db'));
       return false;
@@ -121,8 +128,8 @@ class ttRegistrator {
       return false;
     }
 
-    // Set created_by appropriately (admin or self).
-    $created_by = $user->can('administer_site') ? $user->id : $this->user_id;
+    // Set created_by appropriately.
+    $created_by = $this->created_by_id ? $this->created_by_id : $this->user_id;
     if (!$this->setCreatedBy($created_by))
       return false;
 
@@ -164,7 +171,7 @@ class ttRegistrator {
     $email = $mdb2->quote($this->email);
     $created = 'now()';
     $created_ip = $mdb2->quote($_SERVER['REMOTE_ADDR']);
-    $values = "values($login, $password, $name, $this->group_id, $this->group_id, $this->role_id, $email, $created, $created_ip)";
+    $values = "values($login, $password, $name, $this->group_id, $this->org_id, $this->role_id, $email, $created, $created_ip)";
 
     $sql = 'insert into tt_users (login, password, name, group_id, org_id, role_id, email, created, created_ip) '.$values;
     $affected = $mdb2->exec($sql);
@@ -176,14 +183,14 @@ class ttRegistrator {
   }
 
   // The setCreatedBy sets created_by field for both group and user to passed in user_id.
-  function setCreatedBy($user_id) {
+  private function setCreatedBy($user_id) {
     if ($this->err->yes()) return false; // There are errors, do not proceed.
 
     global $i18n;
     $mdb2 = getConnection();
 
     // Update group.
-    $sql = "update tt_groups set created_by = $user_id where id = $this->group_id";
+    $sql = "update tt_groups set created_by = $user_id where id = $this->group_id and org_id = $this->org_id";
     $affected = $mdb2->exec($sql);
     if (is_a($affected, 'PEAR_Error')) {
       $this->err->add($i18n->get('error.db'));
@@ -191,7 +198,7 @@ class ttRegistrator {
     }
 
     // Update top manager.
-    $sql = "update tt_users set created_by = $user_id where id = $this->user_id and group_id = $this->group_id";
+    $sql = "update tt_users set created_by = $user_id where id = $this->user_id and group_id = $this->group_id and org_id = $this->org_id";
     $affected = $mdb2->exec($sql);
     if (is_a($affected, 'PEAR_Error')) {
       $this->err->add($i18n->get('error.db'));
diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index 67fbea43..fd5880c7 100644
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
       <br>
       <table cellspacing="0" cellpadding="4" width="100%" border="0">
         <tr>
-          <td align="center">&nbsp;Anuko Time Tracker 1.18.12.4397 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+          <td align="center">&nbsp;Anuko Time Tracker 1.18.12.4398 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
             <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
             <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
             <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
diff --git a/admin_group_add.php b/admin_group_add.php
index 71dde8a0..e40be98e 100644
--- a/admin_group_add.php
+++ b/admin_group_add.php
@@ -100,14 +100,13 @@ if ($request->isPost()) {
     'email' => $cl_manager_email,
     'group_name' => $cl_group_name,
     'currency' => CURRENCY_DEFAULT,
-    'lang' => $cl_lang);
+    'lang' => $cl_lang,
+    'created_by_id' => $user->id);
 
   // Create an instance of ttRegistrator class.
   import('ttRegistrator');
   $registrator = new ttRegistrator($fields, $err);
   $registrator->register();
-  // $registrator->setCreatedBy($user->id); // Override created_by to admin account.
-  // TODO: redo ttRegistrator class by passing in created_by_id in $fields to keep code straightforward.
   if ($err->no()) {
     header('Location: admin_groups.php');
     exit();
-- 
2.20.1