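/**
  * Search users
  * Static function.
  *
  * @param string search : search user by lastname, firstname or login. The prefixes ':noroot:' (exclude the root user), 'user:' and 'group:' are handled specially
  * @param string letter : search user by first lastname letter
  * @param integer group : search user by group ID
  * @param string order : order by fieldname (without suffix), or 'score' to order by match score. default : lastname, firstname
  * @param string direction : sort direction, 'asc' or 'desc' (default : asc)
  * @param integer start : search start offset
  * @param integer limit : search limit (default : 0 : unlimited)
  * @param boolean activeOnly : return only active users (default : false)
  * @param boolean returnObjects : return CMS_profile_user objects (default) or array of userId
  * @param array score : passed by reference, receives the match score of each returned user ID when the query computes one
  * @return array(CMS_profile_user) or array of userId when returnObjects is false
  * @access public
  */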
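 static function search($search = '', $letter = '', $group = '', $order = '', $direction = 'asc', $start = 0, $limit = 0, $activeOnly = false, $returnObjects = true, &$score = array())
 {
     // The query below is built by string concatenation. Every caller-supplied value is therefore
     // either cast to an integer, checked against a fixed list, or passed through
     // sensitiveIO::sanitizeSQLString() before it reaches the SQL text. The safety of the string
     // values rests on that helper, which is not visible here; bound parameters would be
     // preferable if CMS_query offers them.

     // A negative offset or limit would produce an invalid LIMIT clause, so clamp both to zero.
     $start = max(0, (int) $start);
     $limit = max(0, (int) $limit);
     $group = (int) $group;
     // The sort direction is concatenated unquoted: accept only the two literal keywords.
     $direction = io::strtolower($direction);
     if (!in_array($direction, array('asc', 'desc'), true)) {
         $direction = 'asc';
     }
     $keywordsWhere = $letterWhere = $groupWhere = $orderBy = $orderClause = $idWhere = '';
     $select = 'id_pru';
     // ':noroot:' anywhere in the search string excludes the root user from the results.
     if (io::strpos($search, ':noroot:') !== false) {
         $idWhere = " and id_pru != '" . ROOT_PROFILEUSER_ID . "'";
         $search = trim(str_replace(':noroot:', '', $search));
     }
     // NOTE(review): in the listing this statement is garbled between the 'user:' comparison and
     // the quoted value. The condition and the assignment are reconstructed by analogy with the
     // 'group:' branch below; confirm against the upstream file.
     if (io::substr($search, 0, 5) == 'user:' && sensitiveIO::isPositiveInteger(io::substr($search, 5))) {
         // Appended rather than assigned, so a preceding ':noroot:' exclusion is not dropped.
         $idWhere .= " and id_pru = '" . sensitiveIO::sanitizeSQLString(io::substr($search, 5)) . "'";
         $search = '';
     }
     if (io::substr($search, 0, 6) == 'group:' && sensitiveIO::isPositiveInteger(io::substr($search, 6))) {
         $group = (int) io::substr($search, 6);
         $search = '';
     }
     if ($search) {
         // Split the search string into lower-cased words; commas and semicolons count as spaces.
         $keyword = strtr($search, ",;", "  ");
         $words = array_map("trim", array_unique(explode(" ", io::strtolower($keyword))));
         $cleanedWords = array();
         foreach ($words as $aWord) {
             // Words shorter than three characters are ignored.
             if ($aWord && io::strlen($aWord) >= 3) {
                 // Escape LIKE wildcards so the word is matched literally.
                 $aWord = str_replace(array('%', '_'), array('\\%', '\\_'), $aWord);
                 // When the HTML-entity form differs, it is added as an extra required term.
                 if (htmlentities($aWord) != $aWord) {
                     $cleanedWords[] = htmlentities($aWord);
                 }
                 $cleanedWords[] = $aWord;
             }
         }
         if (!$cleanedWords) {
             // Nothing usable is left after cleaning: no results.
             return array();
         }
         foreach ($cleanedWords as $cleanedWord) {
             $safeWord = sensitiveIO::sanitizeSQLString($cleanedWord);
             $keywordsWhere .= $keywordsWhere ? " and " : '';
             $keywordsWhere .= " (\n\t\t\t\t\tlastName_pru like '%" . $safeWord . "%'\n\t\t\t\t\tor firstName_pru like '%" . $safeWord . "%'\n\t\t\t\t\tor login_pru like '%" . $safeWord . "%'\n\t\t\t\t)";
         }
         // Rows match when every word matches by LIKE, or when the full-text MATCH succeeds;
         // the MATCH value is also selected as the score column "m".
         $safeSearch = sensitiveIO::sanitizeSQLString($search);
         $keywordsWhere = ' and ((' . $keywordsWhere . ')';
         $select .= " , MATCH (lastName_pru, firstName_pru, login_pru) AGAINST ('" . $safeSearch . "') as m ";
         $keywordsWhere .= " or MATCH (lastName_pru, firstName_pru, login_pru) AGAINST ('" . $safeSearch . "') )";
     }
     if ($letter && io::strlen($letter) === 1) {
         // Same wildcard escaping as for keywords, so '%' or '_' is not read as a LIKE pattern.
         $safeLetter = sensitiveIO::sanitizeSQLString(str_replace(array('%', '_'), array('\\%', '\\_'), $letter));
         $letterWhere = " and lastName_pru like '" . $safeLetter . "%'";
     }
     if ($group) {
         $groupUsers = CMS_profile_usersGroupsCatalog::getGroupUsers($group, false);
         if (!$groupUsers) {
             return array();
         }
         // The ids are concatenated unquoted into IN (...): force each one to an integer.
         $groupWhere = " and id_pru in (" . implode(',', array_map('intval', $groupUsers)) . ")";
     }
     if ($order != 'score') {
         // Default ordering; replaced only when $order names an existing profilesUsers column.
         // The column name is taken from the DESCRIBE result, never from the caller's string.
         $orderBy = 'lastName_pru,firstName_pru';
         if ($order) {
             $q = new CMS_query("DESCRIBE profilesUsers");
             while ($field = $q->getValue('Field')) {
                 if ($field === $order . '_pru') {
                     $orderBy = $field;
                 }
             }
         }
         $orderClause = "order by\n\t\t\t\t\t" . $orderBy . "\n\t\t\t\t\t" . $direction;
     } elseif ($search) {
         // Ordering by score needs the "m" column, which exists only for a keyword search.
         $orderClause = " order by m " . $direction;
     }
     $sql = "\n\t\t\tselect\n\t\t\t\t" . $select . "\n\t\t\tfrom\n\t\t\t\tprofilesUsers\n\t\t\twhere \n\t\t\t deleted_pru='0'\n\t\t\t" . ($activeOnly ? " and  active_pru='1' " : '') . "\n\t\t\t" . $keywordsWhere . "\n\t\t\t" . $letterWhere . "\n\t\t\t" . $groupWhere . "\n\t\t\t" . $idWhere . "\n\t\t\t" . $orderClause . "\n\t\t";
     if ($limit) {
         $sql .= "limit \n\t\t\t\t" . $start . ", " . $limit;
     }
     $q = new CMS_query($sql);
     $users = array();
     while ($r = $q->getArray()) {
         $id = $r['id_pru'];
         // Report the match score to the caller when the query computed one.
         if (isset($r['m'])) {
             $score[$id] = $r['m'];
         }
         if (!$returnObjects) {
             $users[] = $id;
             continue;
         }
         $usr = CMS_profile_usersCatalog::getByID($id);
         // Skip users that fail to load; with $activeOnly the loaded object is re-checked as well.
         if (is_a($usr, "CMS_profile_user") && !$usr->hasError() && (!$activeOnly || $usr->isActive())) {
             $users[] = $usr;
         }
     }
     return $users;
 }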
Example #2
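 /**
  * Get all selected recipients for the field
  * @param integer objectID : ID of the object whose users/groups field is read when the 'usersGroupsField' parameter is set
  * @return array of usersIds which are recipients of the notification
  * @access private
  */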
 private function _getRecipients($objectID)
 {
     // Two modes, chosen by the field parameters:
     //  - 'usersGroupsField' set: recipients come from that field of the object $objectID;
     //  - otherwise: recipients are picked from the full users list with the
     //    'disableGroups' / 'disableUsers' lists, used as include or exclude filters.
     $params = $this->getParamsValues();
     $recipients = array();
     if (isset($params['usersGroupsField']) && $params['usersGroupsField']) {
         $fieldId = $params['usersGroupsField'];
         // Load the related item; an unusable item yields no recipients.
         $item = CMS_poly_object_catalog::getObjectByID($objectID, false, true);
         if (!is_object($item) || $item->hasError()) {
             return $recipients;
         }
         // The field's 'isGroup' parameter tells whether the stored ids are groups or users.
         $field = new CMS_poly_object_field($fieldId);
         $isGroup = $field->getParameter('isGroup');
         $ids = $item->objectValues($fieldId)->getValue('ids');
         if (!$ids) {
             return array();
         }
         if (!$isGroup) {
             // The ids are user ids already.
             return $ids;
         }
         // Expand each group into its users; keying by user id removes duplicates.
         foreach ($ids as $groupId) {
             $usersIds = CMS_profile_usersGroupsCatalog::getGroupUsers($groupId, false);
             foreach ($usersIds as $userId) {
                 $recipients[$userId] = $userId;
             }
         }
         return $recipients;
     }
     // Per the original comment, getAll() is asked here for the ids of all active users.
     $allUsers = CMS_profile_usersCatalog::getAll(true, false, false);
     // Semicolon-separated lists of group ids and user ids taken from the parameters.
     $listedGroups = $params['disableGroups'] ? explode(';', $params['disableGroups']) : array();
     $listedUsers = $params['disableUsers'] ? explode(';', $params['disableUsers']) : array();
     foreach ($allUsers as $userId) {
         $includeMode = $params['includeExclude'];
         // Is this user named directly, or a member of one of the listed groups?
         $listed = false;
         foreach ($listedGroups as $groupId) {
             if (CMS_profile_usersGroupsCatalog::userBelongsToGroup($userId, $groupId)) {
                 $listed = true;
             }
         }
         // Loose comparison: the listed ids are strings produced by explode().
         if (in_array($userId, $listedUsers)) {
             $listed = true;
         }
         // Include mode keeps listed users only; exclude mode keeps everyone else.
         if ($includeMode ? $listed : !$listed) {
             $recipients[] = $userId;
         }
     }
     return $recipients;
 }
Example #3
// Fragment of a users-listing request script: reads sort, paging and filter parameters, checks
// that the current user may manage users, then queries CMS_profile_usersCatalog::search().
// $search, $letter, $groupId, $sort, $cms_user and $view are set before this fragment (not shown).
// 'dir' is read without a validator callback, unlike 'start' and 'limit' below.
$dir = sensitiveIO::request('dir');
// The third argument is presumably the fallback used when the check fails; confirm against sensitiveIO::request().
$start = sensitiveIO::request('start', 'sensitiveIO::isPositiveInteger', 0);
$limit = sensitiveIO::request('limit', 'sensitiveIO::isPositiveInteger', CMS_session::getRecordsPerPage());
// Presence flags: any truthy request value switches the option on.
$filter = sensitiveIO::request('filter') ? true : false;
$withGroups = sensitiveIO::request('groups') ? true : false;
$withoutRoot = sensitiveIO::request('withoutroot') ? true : false;
$usersDatas = array();
$usersDatas['users'] = array();
// Authorization gate: without the EDITUSERS clearance an error is raised and the empty result is sent.
// NOTE(review): nothing visible in this fragment stops execution after $view->show(). Unless show()
// terminates the request, the search below still runs for a caller without the clearance; confirm,
// or end the script explicitly here.
if (!$cms_user->hasAdminClearance(CLEARANCE_ADMINISTRATION_EDITUSERS)) {
    CMS_grandFather::raiseError('User has no users management rights ...');
    $view->setContent($usersDatas);
    $view->show();
}
//load group's users if any
// ($groupUsers is not used in the lines visible here)
if ($groupId) {
    $groupUsers = CMS_profile_usersGroupsCatalog::getGroupUsers($groupId, false);
} else {
    $groupUsers = array();
}
//remove root user from search
// The ':noroot:' marker is prepended to the search string; presumably search() strips it and excludes the root user; verify against the callee.
if ($withoutRoot) {
    $search = ':noroot: ' . $search;
}
// The group restriction is passed to search() only when both a group id and the 'filter' flag are set.
if ($groupId && $filter) {
    //search users
    $users = CMS_profile_usersCatalog::search($search, $letter, $groupId, $sort, $dir, $start, $limit);
} else {
    //search users
    $users = CMS_profile_usersCatalog::search($search, $letter, false, $sort, $dir, $start, $limit);
}
//loop over users to get all required infos