} } if ($mode == 'manage') { if (Registry::get('runtime.company_id') && !empty($_REQUEST['user_type']) && ($_REQUEST['user_type'] == 'P' || $_REQUEST['user_type'] == 'A' && !fn_check_permission_manage_profiles('A'))) { return array(CONTROLLER_STATUS_DENIED); } if (!empty($_REQUEST['user_type']) && $_REQUEST['user_type'] == 'V' && fn_allowed_for('ULTIMATE')) { return array(CONTROLLER_STATUS_NO_PAGE); } list($users, $search) = fn_get_users($_REQUEST, $auth, Registry::get('settings.Appearance.admin_elements_per_page')); Tygh::$app['view']->assign('users', $users); Tygh::$app['view']->assign('search', $search); if (!empty($search['user_type'])) { Tygh::$app['view']->assign('user_type_description', fn_get_user_type_description($search['user_type'])); } $user_types = fn_get_user_types(); if (Registry::get('runtime.company_id') && fn_allowed_for("MULTIVENDOR")) { unset($user_types['C']); } if (fn_is_restricted_admin(array('user_type' => 'V'))) { unset($user_types['V']); } Tygh::$app['view']->assign('user_types', $user_types); Tygh::$app['view']->assign('countries', fn_get_simple_countries(true, CART_LANGUAGE)); Tygh::$app['view']->assign('states', fn_get_all_states()); Tygh::$app['view']->assign('usergroups', fn_get_usergroups(array('status' => array('A', 'H')), DESCR_SL)); } elseif ($mode == 'act_as_user' || $mode == 'view_product_as_user') { if (fn_is_restricted_admin($_REQUEST) == true) { return array(CONTROLLER_STATUS_DENIED); } $condition = '';
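/**
 * Builds and runs the administrative user list query (filter, sort, paginate).
 *
 * Every value taken from $params reaches SQL only through db_quote()
 * placeholders (?l / ?s / ?i / ?n / ?a); no request value is concatenated
 * into the query as text. sort_by / sort_order are looked up in the
 * $sortings / $directions whitelists (falling back to 'name' / 'asc'), so
 * ORDER BY never receives a raw request value. When COMPANY_ID is defined
 * the result is scoped to the current company; when RESTRICTED_ADMIN is
 * defined other administrators are hidden. The users controller passes
 * $_REQUEST as $params, so every key must be treated as untrusted.
 *
 * @param array  $params         Filter / view parameters: company, name, user_login, tax_exempt,
 *                               usergroup_id, status, email, address, zipcode, country, state,
 *                               city, user_type, user_id, exclude_user_types, p_ids,
 *                               product_view_id, page, sort_by, sort_order
 * @param array  $auth           Auth data (by reference); only user_id is read, and only
 *                               when RESTRICTED_ADMIN is defined
 * @param int    $items_per_page Page size; 0 / empty disables the COUNT query and LIMIT
 * @param string $custom_view    View name handed to fn_init_view(); empty means 'users'
 *
 * @return array array($users, $params): the selected rows and the view-adjusted params
 *               (sort_order is reversed on return for use by the template)
 */
function fn_get_users($params, &$auth, $items_per_page = 0, $custom_view = '')
{
    // Init filter
    $_view = !empty($custom_view) ? $custom_view : 'users';
    $params = fn_init_view($_view, $params);

    // Set default values to input params
    $params['page'] = empty($params['page']) ? 1 : $params['page'];

    // Define fields that should be retrieved
    $fields = array(
        "?:users.user_id",
        "?:users.user_login",
        "?:users.timestamp",
        "?:users.user_type",
        "?:users.status",
        "?:users.firstname",
        "?:users.lastname",
        "?:users.email",
        "?:users.company",
        "?:users.company_id",
        "?:companies.company as company_name",
    );

    // Define sort fields (whitelist: only these keys may reach ORDER BY)
    $sortings = array(
        'id' => "?:users.user_id",
        'username' => "?:users.user_login",
        'email' => "?:users.email",
        'name' => array("?:users.lastname", "?:users.firstname"),
        'date' => "?:users.timestamp",
        'type' => "?:users.user_type",
        'status' => "?:users.status",
        'company' => "company_name",
    );
    $directions = array('asc' => 'asc', 'desc' => 'desc');

    $condition = $join = $group = '';
    $group .= " GROUP BY ?:users.user_id";

    if (isset($params['company']) && fn_string_no_empty($params['company'])) {
        $condition .= db_quote(" AND ?:users.company LIKE ?l", "%" . trim($params['company']) . "%");
    }

    if (isset($params['name']) && fn_string_no_empty($params['name'])) {
        // Split on spaces and drop blank pieces (fn_explode is a project helper)
        $arr = fn_explode(' ', $params['name']);
        foreach ($arr as $k => $v) {
            if (!fn_string_no_empty($v)) {
                unset($arr[$k]);
            }
        }
        if (sizeof($arr) == 2) {
            // Exactly two words: first word matches the first name, second the last name
            $condition .= db_quote(" AND (?:users.firstname LIKE ?l AND ?:users.lastname LIKE ?l)", "%" . array_shift($arr) . "%", "%" . array_shift($arr) . "%");
        } else {
            // Any other word count: match the whole string against either name column
            $condition .= db_quote(" AND (?:users.firstname LIKE ?l OR ?:users.lastname LIKE ?l)", "%" . trim($params['name']) . "%", "%" . trim($params['name']) . "%");
        }
    }

    if (isset($params['user_login']) && fn_string_no_empty($params['user_login'])) {
        $condition .= db_quote(" AND ?:users.user_login LIKE ?l", "%" . trim($params['user_login']) . "%");
    }

    if (!empty($params['tax_exempt'])) {
        $condition .= db_quote(" AND ?:users.tax_exempt = ?s", $params['tax_exempt']);
    }

    if (isset($params['usergroup_id']) && $params['usergroup_id'] != ALL_USERGROUPS) {
        if (!empty($params['usergroup_id'])) {
            // Members of one specific usergroup (active membership only)
            $join .= db_quote(" LEFT JOIN ?:usergroup_links ON ?:usergroup_links.user_id = ?:users.user_id AND ?:usergroup_links.usergroup_id = ?i", $params['usergroup_id']);
            $condition .= " AND ?:usergroup_links.status = 'A'";
        } else {
            // usergroup_id of 0: users with no active usergroup membership at all
            $join .= " LEFT JOIN ?:usergroup_links ON ?:usergroup_links.user_id = ?:users.user_id AND ?:usergroup_links.status = 'A'";
            $condition .= " AND ?:usergroup_links.user_id IS NULL";
        }
    }

    if (!empty($params['status'])) {
        $condition .= db_quote(" AND ?:users.status = ?s", $params['status']);
    }

    if (isset($params['email']) && fn_string_no_empty($params['email'])) {
        $condition .= db_quote(" AND ?:users.email LIKE ?l", "%" . trim($params['email']) . "%");
    }

    // Profile-based filters match either the billing (b_*) or the shipping (s_*) field
    if (isset($params['address']) && fn_string_no_empty($params['address'])) {
        $condition .= db_quote(" AND (?:user_profiles.b_address LIKE ?l OR ?:user_profiles.s_address LIKE ?l)", "%" . trim($params['address']) . "%", "%" . trim($params['address']) . "%");
    }

    if (isset($params['zipcode']) && fn_string_no_empty($params['zipcode'])) {
        $condition .= db_quote(" AND (?:user_profiles.b_zipcode LIKE ?l OR ?:user_profiles.s_zipcode LIKE ?l)", "%" . trim($params['zipcode']) . "%", "%" . trim($params['zipcode']) . "%");
    }

    if (!empty($params['country'])) {
        $condition .= db_quote(" AND (?:user_profiles.b_country LIKE ?l OR ?:user_profiles.s_country LIKE ?l)", "%{$params['country']}%", "%{$params['country']}%");
    }

    if (isset($params['state']) && fn_string_no_empty($params['state'])) {
        $condition .= db_quote(" AND (?:user_profiles.b_state LIKE ?l OR ?:user_profiles.s_state LIKE ?l)", "%" . trim($params['state']) . "%", "%" . trim($params['state']) . "%");
    }

    if (isset($params['city']) && fn_string_no_empty($params['city'])) {
        $condition .= db_quote(" AND (?:user_profiles.b_city LIKE ?l OR ?:user_profiles.s_city LIKE ?l)", "%" . trim($params['city']) . "%", "%" . trim($params['city']) . "%");
    }

    if (!empty($params['user_type'])) {
        $condition .= db_quote(' AND ?:users.user_type = ?s', $params['user_type']);
    }

    if (!empty($params['user_id'])) {
        $condition .= db_quote(' AND ?:users.user_id IN (?n)', $params['user_id']);
    }

    if (!empty($params['exclude_user_types'])) {
        $condition .= db_quote(" AND ?:users.user_type NOT IN (?a)", $params['exclude_user_types']);
    }

    if (defined('COMPANY_ID')) {
        // Company (vendor) scope. When customers are (or may be) part of the result,
        // limit them to customers who placed an order with this company, plus this
        // company's own administrators; otherwise apply the generic company condition.
        $customers_requested = empty($params['user_type'])
            || (!empty($params['user_type']) && $params['user_type'] == 'C')
            || (!empty($params['exclude_user_types']) && !in_array('C', $params['exclude_user_types']));
        if ($customers_requested) {
            $_cond = db_quote("(?:users.user_type = 'A' && ?:users.company_id = ?i)", COMPANY_ID);
            $company_customers = db_get_fields("SELECT user_id FROM ?:orders WHERE company_id = ?i", COMPANY_ID);
            if ($company_customers) {
                $_cond = db_quote("((?:users.user_type = 'C' && ?:users.user_id IN (?n)) OR {$_cond})", $company_customers);
            }
            $condition .= " AND {$_cond} ";
        } else {
            $condition .= fn_get_company_condition('?:users.company_id');
        }
    }

    if (!empty($params['p_ids']) || !empty($params['product_view_id'])) {
        // p_ids may arrive as an array or as a comma-separated string. The type is checked
        // first: the previous order (strpos() before is_array()) fed arrays to strpos() and
        // explode(), which warns on PHP 7 and throws a TypeError on PHP 8.
        $p_ids = isset($params['p_ids']) ? $params['p_ids'] : '';
        $arr = is_array($p_ids) ? $p_ids : explode(',', (string) $p_ids);
        if (empty($params['product_view_id'])) {
            $condition .= db_quote(" AND ?:order_details.product_id IN (?n)", $arr);
        } else {
            // Users who ordered any product of the saved product view
            $condition .= db_quote(" AND ?:order_details.product_id IN (?n)", db_get_fields(fn_get_products(array('view_id' => $params['product_view_id'], 'get_query' => true))));
        }
        $join .= db_quote(" LEFT JOIN ?:orders ON ?:orders.user_id = ?:users.user_id LEFT JOIN ?:order_details ON ?:order_details.order_id = ?:orders.order_id");
    }

    if (defined('RESTRICTED_ADMIN')) {
        // FIXME: NOT GOOD
        // A restricted administrator may list non-admin users and only their own admin record
        $condition .= db_quote(" AND (?:users.user_type != 'A' || (?:users.user_type = 'A' AND ?:users.user_id = ?i))", $auth['user_id']);
    }

    // Only user types that are active in this installation
    $active_user_types = fn_get_user_types();
    $condition .= db_quote(" AND ?:users.user_type IN(?a)", array_keys($active_user_types));

    $join .= db_quote(" LEFT JOIN ?:user_profiles ON ?:user_profiles.user_id = ?:users.user_id");
    $join .= db_quote(" LEFT JOIN ?:companies ON ?:companies.company_id = ?:users.company_id");

    fn_set_hook('get_users', $params, $fields, $sortings, $condition, $join);

    // Whitelist the sort parameters: unknown values fall back to 'asc' / 'name'
    if (empty($params['sort_order']) || empty($directions[$params['sort_order']])) {
        $params['sort_order'] = 'asc';
    }
    if (empty($params['sort_by']) || empty($sortings[$params['sort_by']])) {
        $params['sort_by'] = 'name';
    }
    $direction = $directions[$params['sort_order']];
    $sort_fields = $sortings[$params['sort_by']];
    // Multi-column sortings (e.g. 'name') apply the direction to every column
    $sorting = (is_array($sort_fields) ? implode(' ' . $direction . ', ', $sort_fields) : $sort_fields) . " " . $direction;

    // Reverse sorting (for usage in view)
    $params['sort_order'] = $params['sort_order'] == 'asc' ? 'desc' : 'asc';

    // Paginate search results
    $limit = '';
    if (!empty($items_per_page)) {
        $total = db_get_field("SELECT COUNT(DISTINCT(?:users.user_id)) FROM ?:users {$join} WHERE 1 {$condition}");
        $limit = fn_paginate($params['page'], $total, $items_per_page);
    }

    $users = db_get_array("SELECT " . implode(', ', $fields) . " FROM ?:users {$join} WHERE 1 {$condition} {$group} ORDER BY {$sorting} {$limit}");

    return array($users, $params);
}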
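/**
 * Getting users list
 *
 * Builds the admin user list query: filters from $params, sorting via db_sort(),
 * optional pagination, and the get_users_pre / get_users / get_users_post hooks.
 *
 * Every value from $params reaches SQL only through db_quote() placeholders
 * (?l / ?s / ?i / ?n / ?a). The users controller passes $_REQUEST as $params,
 * so all keys are untrusted. When RESTRICTED_ADMIN is defined, other
 * administrators and vendors are excluded from the result.
 *
 * @param array $params         Params list: company, name, user_login, tax_exempt, usergroup_id,
 *                              status, email, address, zipcode, country, state, city, user_id,
 *                              p_ids, product_view_id, user_type, user_types, exclude_user_types,
 *                              compact ('Y' joins the login/e-mail filters with OR), get_conditions,
 *                              page, items_per_page, plus whatever db_sort() reads
 * @param array $auth           Auth data (by reference); user_id is read when RESTRICTED_ADMIN is defined
 * @param int   $items_per_page Items per page, used only when $params carries no items_per_page;
 *                              an empty value disables the COUNT query and LIMIT
 * @param str   $custom_view    Custom view name for LastView; empty means 'users'
 *
 * @return array array($users, $params) normally, with $params['total_items'] set when paginated;
 *               array($fields, $join, $condition) when $params['get_conditions'] is set
 *               (used by the extended search)
 */
function fn_get_users($params, &$auth, $items_per_page = 0, $custom_view = '')
{
    /**
     * Actions before getting users list
     *
     * @param array $params Params list
     * @param array $auth Auth data
     * @param int $items_per_page Items per page
     * @param str $custom_view Custom view
     */
    fn_set_hook('get_users_pre', $params, $auth, $items_per_page, $custom_view);

    // Init filter
    $_view = !empty($custom_view) ? $custom_view : 'users';
    $params = LastView::instance()->update($_view, $params);

    // Set default values to input params (values already present in $params win)
    $default_params = array('page' => 1, 'items_per_page' => $items_per_page);
    $params = array_merge($default_params, $params);

    // Define fields that should be retrieved
    $fields = array(
        "?:users.user_id",
        "?:users.user_login",
        "?:users.is_root",
        "?:users.timestamp",
        "?:users.user_type",
        "?:users.status",
        "?:users.firstname",
        "?:users.lastname",
        "?:users.email",
        "?:users.company",
        "?:users.company_id",
        "?:companies.company as company_name",
    );

    // Define sort fields
    $sortings = array(
        'id' => "?:users.user_id",
        'username' => "?:users.user_login",
        'email' => "?:users.email",
        'name' => array("?:users.lastname", "?:users.firstname"),
        'date' => "?:users.timestamp",
        'type' => "?:users.user_type",
        'status' => "?:users.status",
        'company' => "company_name",
    );

    // Compact mode: the login and e-mail filters are joined with OR instead of AND.
    // NOTE(review): the clauses are concatenated below as "WHERE 1 AND ... OR ..."
    // without parentheses, so SQL precedence (AND before OR) decides the grouping:
    // the AND clauses appended after the last OR clause (address ... user_type,
    // including restricted_admin) bind only to that branch, and if no AND clause
    // precedes the first OR clause the leading "1" satisfies the whole WHERE.
    // Confirm this grouping is intended before relying on compact mode for scoping.
    if (isset($params['compact']) && $params['compact'] == 'Y') {
        $union_condition = ' OR ';
    } else {
        $union_condition = ' AND ';
    }

    // Conditions are keyed so hooks and the extended search can address them by name
    $condition = array();
    $join = $group = '';
    $group .= " GROUP BY ?:users.user_id";

    if (isset($params['company']) && fn_string_not_empty($params['company'])) {
        $condition['company'] = db_quote(" AND ?:users.company LIKE ?l", "%" . trim($params['company']) . "%");
    }

    if (isset($params['name']) && fn_string_not_empty($params['name'])) {
        // Split on spaces and drop blank pieces (fn_explode is a project helper)
        $arr = fn_explode(' ', $params['name']);
        foreach ($arr as $k => $v) {
            if (!fn_string_not_empty($v)) {
                unset($arr[$k]);
            }
        }
        if (sizeof($arr) == 2) {
            // Exactly two words: first word matches the first name, second the last name
            $condition['name'] = db_quote(" AND (?:users.firstname LIKE ?l AND ?:users.lastname LIKE ?l)", "%" . array_shift($arr) . "%", "%" . array_shift($arr) . "%");
        } else {
            // Any other word count: match the whole string against either name column
            $condition['name'] = db_quote(" AND (?:users.firstname LIKE ?l OR ?:users.lastname LIKE ?l)", "%" . trim($params['name']) . "%", "%" . trim($params['name']) . "%");
        }
    }

    if (isset($params['user_login']) && fn_string_not_empty($params['user_login'])) {
        $condition['user_login'] = db_quote(" {$union_condition} ?:users.user_login LIKE ?l", "%" . trim($params['user_login']) . "%");
    }

    if (!empty($params['tax_exempt'])) {
        $condition['tax_exempt'] = db_quote(" AND ?:users.tax_exempt = ?s", $params['tax_exempt']);
    }

    // Usergroup filtering is skipped for the ULTIMATE:FREE edition
    if (!fn_allowed_for('ULTIMATE:FREE')) {
        if (isset($params['usergroup_id']) && $params['usergroup_id'] != ALL_USERGROUPS) {
            if (!empty($params['usergroup_id'])) {
                // Members of one specific usergroup (active membership only)
                $join .= db_quote(" LEFT JOIN ?:usergroup_links ON ?:usergroup_links.user_id = ?:users.user_id AND ?:usergroup_links.usergroup_id = ?i", $params['usergroup_id']);
                $condition['usergroup_links'] = " AND ?:usergroup_links.status = 'A'";
            } else {
                // usergroup_id of 0: users with no active usergroup membership at all
                $join .= " LEFT JOIN ?:usergroup_links ON ?:usergroup_links.user_id = ?:users.user_id AND ?:usergroup_links.status = 'A'";
                $condition['usergroup_links'] = " AND ?:usergroup_links.user_id IS NULL";
            }
        }
    }

    if (!empty($params['status'])) {
        $condition['status'] = db_quote(" AND ?:users.status = ?s", $params['status']);
    }

    if (isset($params['email']) && fn_string_not_empty($params['email'])) {
        $condition['email'] = db_quote(" {$union_condition} ?:users.email LIKE ?l", "%" . trim($params['email']) . "%");
    }

    // Profile-based filters match either the billing (b_*) or the shipping (s_*) field
    if (isset($params['address']) && fn_string_not_empty($params['address'])) {
        $condition['address'] = db_quote(" AND (?:user_profiles.b_address LIKE ?l OR ?:user_profiles.s_address LIKE ?l)", "%" . trim($params['address']) . "%", "%" . trim($params['address']) . "%");
    }

    if (isset($params['zipcode']) && fn_string_not_empty($params['zipcode'])) {
        $condition['zipcode'] = db_quote(" AND (?:user_profiles.b_zipcode LIKE ?l OR ?:user_profiles.s_zipcode LIKE ?l)", "%" . trim($params['zipcode']) . "%", "%" . trim($params['zipcode']) . "%");
    }

    if (!empty($params['country'])) {
        $condition['country'] = db_quote(" AND (?:user_profiles.b_country LIKE ?l OR ?:user_profiles.s_country LIKE ?l)", "%{$params['country']}%", "%{$params['country']}%");
    }

    if (isset($params['state']) && fn_string_not_empty($params['state'])) {
        $condition['state'] = db_quote(" AND (?:user_profiles.b_state LIKE ?l OR ?:user_profiles.s_state LIKE ?l)", "%" . trim($params['state']) . "%", "%" . trim($params['state']) . "%");
    }

    if (isset($params['city']) && fn_string_not_empty($params['city'])) {
        $condition['city'] = db_quote(" AND (?:user_profiles.b_city LIKE ?l OR ?:user_profiles.s_city LIKE ?l)", "%" . trim($params['city']) . "%", "%" . trim($params['city']) . "%");
    }

    if (!empty($params['user_id'])) {
        $condition['user_id'] = db_quote(' AND ?:users.user_id IN (?n)', $params['user_id']);
    }

    if (!empty($params['p_ids']) || !empty($params['product_view_id'])) {
        // p_ids may arrive as an array or as a comma-separated string. The type is checked
        // first: the previous order (strpos() before is_array()) fed arrays to strpos() and
        // explode(), which warns on PHP 7 and throws a TypeError on PHP 8.
        $p_ids = isset($params['p_ids']) ? $params['p_ids'] : '';
        $arr = is_array($p_ids) ? $p_ids : explode(',', (string) $p_ids);
        if (empty($params['product_view_id'])) {
            $condition['order_product_id'] = db_quote(" AND ?:order_details.product_id IN (?n)", $arr);
        } else {
            // Users who ordered any product of the saved product view
            $condition['order_product_id'] = db_quote(" AND ?:order_details.product_id IN (?n)", db_get_fields(fn_get_products(array('view_id' => $params['product_view_id'], 'get_query' => true))));
        }
        // Parent (split) orders are excluded so only the child orders carrying details are matched
        $join .= db_quote(" LEFT JOIN ?:orders ON ?:orders.user_id = ?:users.user_id AND ?:orders.is_parent_order != 'Y' LEFT JOIN ?:order_details ON ?:order_details.order_id = ?:orders.order_id");
    }

    if (defined('RESTRICTED_ADMIN')) {
        // FIXME: NOT GOOD
        // A restricted administrator sees neither other admins nor vendors; only their own admin record
        $condition['restricted_admin'] = db_quote(" AND ((?:users.user_type != 'A' AND ?:users.user_type != 'V') OR (?:users.user_type = 'A' AND ?:users.user_id = ?i))", $auth['user_id']);
    }

    // sometimes other vendor's admins could buy products from other vendors.
    if (!empty($params['user_type']) && (!($params['user_type'] == 'C' && Registry::get('runtime.company_id')) || fn_allowed_for('ULTIMATE'))) {
        $condition['user_type'] = db_quote(' AND ?:users.user_type = ?s', $params['user_type']);
    } else {
        // Get active user types
        $user_types = array_keys(fn_get_user_types());

        // Select only necessary groups from all available
        if (!empty($params['user_types'])) {
            $user_types = array_intersect($user_types, $params['user_types']);
        }
        if (!empty($params['exclude_user_types'])) {
            $user_types = array_diff($user_types, $params['exclude_user_types']);
        }

        $condition['user_type'] = db_quote(" AND ?:users.user_type IN(?a)", $user_types);
    }

    $join .= db_quote(" LEFT JOIN ?:user_profiles ON ?:user_profiles.user_id = ?:users.user_id");
    $join .= db_quote(" LEFT JOIN ?:companies ON ?:companies.company_id = ?:users.company_id");

    /**
     * Prepare params for getting users query
     *
     * @param array $params Params list
     * @param array $fields Fields list
     * @param array $sortings Sorting variants
     * @param array $condition Conditions set
     * @param str $join Joins list
     * @param array $auth Auth data
     */
    fn_set_hook('get_users', $params, $fields, $sortings, $condition, $join, $auth);

    // db_sort() presumably resolves sort_by / sort_order against $sortings (defaults: name, asc)
    $sorting = db_sort($params, $sortings, 'name', 'asc');

    // Used for Extended search
    if (!empty($params['get_conditions'])) {
        return array($fields, $join, $condition);
    }

    // Paginate search results
    $limit = '';
    if (!empty($params['items_per_page'])) {
        $params['total_items'] = db_get_field("SELECT COUNT(DISTINCT(?:users.user_id)) FROM ?:users {$join} WHERE 1 " . implode(' ', $condition));
        $limit = db_paginate($params['page'], $params['items_per_page'], $params['total_items']);
    }

    $users = db_get_array("SELECT " . implode(', ', $fields) . " FROM ?:users {$join} WHERE 1" . implode('', $condition) . " {$group} {$sorting} {$limit}");

    LastView::instance()->processResults('users', $users, $params);

    /**
     * Actions after getting users list
     *
     * @param array $users Users list
     * @param array $params Params list
     * @param array $auth Auth data
     */
    fn_set_hook('get_users_post', $users, $params, $auth);

    return array($users, $params);
}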
$_SESSION['export_ranges']['users'] = array('pattern_id' => 'users'); } $_SESSION['export_ranges']['users']['data'] = array('user_id' => $_REQUEST['user_ids']); unset($_REQUEST['redirect_url']); return array(CONTROLLER_STATUS_REDIRECT, "exim.export?section=users&pattern_id=" . $_SESSION['export_ranges']['users']['pattern_id']); } } } if ($mode == 'manage') { list($users, $search) = fn_get_users($_REQUEST, $auth, Registry::get('settings.Appearance.admin_elements_per_page')); $view->assign('users', $users); $view->assign('search', $search); if (!empty($search['user_type'])) { $view->assign('user_type_description', fn_get_user_type_description($search['user_type'])); } $view->assign('user_types', fn_get_user_types()); $view->assign('countries', fn_get_countries(CART_LANGUAGE, true)); $view->assign('states', fn_get_all_states()); $view->assign('usergroups', fn_get_usergroups('F', DESCR_SL)); } elseif ($mode == 'act_as_user') { if (fn_is_restricted_admin($_REQUEST) == true) { return array(CONTROLLER_STATUS_DENIED); } $condition = fn_get_company_condition(); $user_data = db_get_row("SELECT * FROM ?:users WHERE user_id = ?i {$condition}", $_REQUEST['user_id']); if (!empty($user_data)) { $user_type = empty($_REQUEST['area']) ? $user_data['user_type'] == 'A' ? 'A' : 'C' : $_REQUEST['area']; // 'area' variable was used for loging in to the area different from the user type. $sess_data = array('auth' => fn_fill_auth($user_data, array(), true, $user_type)); fn_init_user_session_data($sess_data, $_REQUEST['user_id']); Session::save(Session::get_id(), $sess_data, $user_type);