Exemple #1
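 /**
  * Upgrade step: gives every existing user a group of their own.
  *
  * Reads every row of `user`, creates a group named after the user
  * (UserGroup::Add with second argument 1, presumably the "user specific"
  * flag, to be confirmed against UserGroup), then links the user to that new
  * group and to the group already recorded in user.groupID.
  *
  * NOTE(review): whether reportError() aborts the script is not visible here,
  * so the guards below keep the method safe if it returns.
  */
 private function UpdateUserGroups()
 {
     $db =& $this->db;

     // Get all the current users in the system
     $SQL = "SELECT UserID, groupID, UserName FROM `user`";
     if (!($result = $db->query($SQL))) {
         reportError('20.php', "Error creating user groups" . $db->error());
         // Without a result set there is nothing to iterate over.
         return;
     }

     while ($row = $db->get_assoc_row($result)) {
         $userID = Kit::ValidateParam($row['UserID'], _INT);
         $groupID = Kit::ValidateParam($row['groupID'], _INT);
         $username = Kit::ValidateParam($row['UserName'], _STRING);

         $ug = new UserGroup($db);

         // Create the group that belongs to this user only
         if (!($ugId = $ug->Add($username, 1))) {
             reportError('20.php', "Error creating user groups" . $db->error());
         } else {
             // Link only when a group id came back, so a failed Add never
             // produces a link row that points at an invalid group.
             $ug->Link($ugId, $userID);
         }

         // Keep the membership the user already had
         $ug->Link($groupID, $userID);
     }
 }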
 /**
  * Looks up the user-specific group (IsUserSpecific = 1) of a user.
  *
  * When the user has no such group, one is created with the user's name,
  * linked to the user, and the new id (or the string 'Unknown') is returned.
  *
  * @param int  $id       user id; written into the query through %d
  * @param bool $returnID true to get the group id, false to get the group name
  * @return mixed group id or group name, see above
  */
 function getGroupFromID($id, $returnID = false)
 {
     $db =& $this->db;

     // The user id is the only variable part and %d forces it to an integer.
     $SQL = "SELECT group.group, "
         . "       group.groupID "
         . "FROM   `user` "
         . "       INNER JOIN lkusergroup "
         . "       ON     lkusergroup.UserID = user.UserID "
         . "       INNER JOIN `group` "
         . "       ON     group.groupID       = lkusergroup.GroupID "
         . sprintf("WHERE  `user`.userid                     = %d ", $id)
         . "AND    `group`.IsUserSpecific = 1";

     $lookup = $db->query($SQL);
     if (!$lookup) {
         trigger_error($db->error());
         trigger_error("Error looking up user information (group)", E_USER_ERROR);
     }

     if ($db->num_rows($lookup) != 0) {
         // Column 0 is the group name, column 1 the group id
         $record = $db->get_row($lookup);
         return $returnID ? $record[1] : $record[0];
     }

     // No user-specific group yet: create one named after the user
     Kit::ClassLoader('usergroup');
     $groups = new UserGroup($db);
     $newGroupId = $groups->Add($this->getNameFromID($id), 1);
     if (!$newGroupId) {
         trigger_error(__('User does not have a group and we are unable to add one.'), E_USER_ERROR);
     }

     // Attach the user to the group just created
     $groups->Link($newGroupId, $id);

     return $returnID ? $newGroupId : 'Unknown';
 }
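 /**
  * Adds a user from the properties already set on this object
  * (userName, userTypeId, email, homePage).
  *
  * Validates the name and password, rejects duplicate user names, inserts
  * the row through prepared statements, then creates the user's own group
  * and links the user to it and to $initialGroupId.
  *
  * @param string $password       plain-text password, checked against the password policy
  * @param int    $initialGroupId group the new user is linked to in addition to their own
  * @return bool true on success; false on failure, with the error set on this object
  */
 public function add($password, $initialGroupId)
 {
     // Validation
     if ($this->userName == '' || strlen($this->userName) > 50) {
         return $this->SetError(__('User name must be between 1 and 50 characters.'));
     }

     if ($password == '') {
         return $this->SetError(__('Please enter a Password.'));
     }

     if ($this->homePage == '') {
         $this->homePage = "dashboard";
     }

     // Test the password
     if (!$this->testPasswordAgainstPolicy($password)) {
         return false;
     }

     try {
         $dbh = PDOConnect::init();

         // Check for duplicate user name
         // NOTE(review): check-then-insert is not atomic; a unique index on
         // UserName would be the authoritative guard - confirm the schema has one.
         $sth = $dbh->prepare('SELECT UserName FROM `user` WHERE UserName = :userName');
         $sth->execute(array('userName' => $this->userName));
         $results = $sth->fetchAll();

         if (count($results) > 0) {
             $this->ThrowError(__('There is already a user with this name. Please choose another.'));
         }

         // Ready to enter the user into the database
         // NOTE(review): unsalted MD5 is not suitable for password storage.
         // Moving to password_hash()/password_verify() has to be done together
         // with the login check and the UserPassword column width, neither of
         // which is visible here, so the stored format is left as it is.
         $password = md5($password);

         // Run the INSERT statement
         $SQL = 'INSERT INTO user (UserName, UserPassword, usertypeid, email, homepage)
                  VALUES (:userName, :password, :userTypeId, :email, :homePage)';

         $insertSth = $dbh->prepare($SQL);
         $insertSth->execute(array('userName' => $this->userName, 'password' => $password, 'userTypeId' => $this->userTypeId, 'email' => $this->email, 'homePage' => $this->homePage));

         // Get the ID of the record we just inserted
         $this->userId = $dbh->lastInsertId();

         // Add the user group
         $userGroupObject = new UserGroup();
         $groupId = $userGroupObject->Add($this->userName, 1);

         if (!$groupId) {
             // Never link the user to an invalid group id. The user row
             // inserted above is not rolled back here (no transaction is
             // visible in this method).
             // presumably ThrowError() raises, as at the duplicate check above
             $this->ThrowError(__('Unable to add the user group.'));
         }

         // Link them
         $userGroupObject->Link($groupId, $this->userId);

         // Link the initial group
         $userGroupObject->Link($initialGroupId, $this->userId);

         return true;
     } catch (Exception $e) {
         Debug::Error($e->getMessage());

         // Keep a specific error if one was already recorded
         if (!$this->IsError()) {
             $this->SetError(1, __('Unknown Error'));
         }

         return false;
     }
 }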
Exemple #4
 /**
  * Form handler: creates a user group from the posted 'group' field.
  *
  * Checks the request token first, then calls UserGroup::Add with second
  * argument 0 and sends a form-submit response. Failures are raised through
  * trigger_error() with E_USER_ERROR.
  *
  * @return void
  */
 function Add()
 {
     // Refuse the request unless the token check passes
     $tokenOk = Kit::CheckToken();
     if (!$tokenOk) {
         trigger_error('Token does not match', E_USER_ERROR);
     }

     $db =& $this->db;
     $response = new ResponseManager();

     // Group name as submitted with the form
     $groupName = Kit::GetParam('group', _POST, _STRING);

     $groups = new UserGroup($db);
     $added = $groups->Add($groupName, 0);
     if (!$added) {
         trigger_error($groups->GetErrorMessage(), E_USER_ERROR);
     }

     $response->SetFormSubmitResponse(__('User Group Added'), false);
     $response->Respond();
 }
Exemple #5
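 /**
  * Form handler: adds a user from the posted fields.
  *
  * Checks the request token, validates the input and the password policy,
  * rejects duplicate user names, inserts the user, creates the user's own
  * group and links the user to it and to the posted initial group. Failures
  * are raised through trigger_error() with E_USER_ERROR.
  *
  * NOTE(review): usertypeid and groupid are taken from the request as they
  * are; no check is visible here that the caller may assign them - confirm
  * that authorisation is enforced before this handler runs.
  *
  * @return void
  */
 function AddUser()
 {
     // Check the token
     if (!Kit::CheckToken()) {
         trigger_error('Token does not match', E_USER_ERROR);
     }

     $db =& $this->db;
     $response = new ResponseManager();

     $username = Kit::GetParam('username', _POST, _STRING);
     $password = Kit::GetParam('password', _POST, _STRING);
     $email = Kit::GetParam('email', _POST, _STRING);
     $usertypeid = Kit::GetParam('usertypeid', _POST, _INT);
     $homepage = Kit::GetParam('homepage', _POST, _STRING);
     $initialGroupId = Kit::GetParam('groupid', _POST, _INT);

     // Validation
     if ($username == "") {
         trigger_error("Please enter a User Name.", E_USER_ERROR);
     }

     if ($password == "") {
         trigger_error("Please enter a Password.", E_USER_ERROR);
     }

     if ($homepage == "") {
         $homepage = "dashboard";
     }

     // Test the password
     Kit::ClassLoader('userdata');
     $userData = new Userdata($db);

     if (!$userData->TestPasswordAgainstPolicy($password)) {
         trigger_error($userData->GetErrorMessage(), E_USER_ERROR);
     }

     // Check for duplicate user name.
     // The format string needs a %s conversion for the escaped name; without
     // one sprintf() ignores the argument and the check never sees the name.
     $sqlcheck = sprintf("SELECT UserName FROM user WHERE UserName = '%s'", $db->escape_string($username));

     if (!($sqlcheckresult = $db->query($sqlcheck))) {
         trigger_error($db->error());
         trigger_error("Cant get this user's name. Please try another.", E_USER_ERROR);
     }

     if ($db->num_rows($sqlcheckresult) != 0) {
         trigger_error("Could Not Complete, Duplicate User Name Exists", E_USER_ERROR);
     }

     // Ready to enter the user into the database
     // NOTE(review): unsalted MD5 is not suitable for password storage.
     // Moving to password_hash()/password_verify() has to be done together
     // with the login check and the UserPassword column width, neither of
     // which is visible here, so the stored format is left as it is.
     $password = md5($password);

     // Run the INSERT statement.
     // Every string value goes through escape_string(), as the duplicate check
     // already does for the user name, and the user type is written with %d,
     // so no posted value can change the shape of the statement.
     $query = sprintf(
         "INSERT INTO user (UserName, UserPassword, usertypeid, email, homepage)"
         . " VALUES ('%s', '%s', %d, '%s', '%s')",
         $db->escape_string($username),
         $db->escape_string($password),
         $usertypeid,
         $db->escape_string($email),
         $db->escape_string($homepage)
     );

     if (!($id = $db->insert_query($query))) {
         trigger_error($db->error());
         trigger_error("Error adding that user", E_USER_ERROR);
     }

     // Add the user group
     $userGroupObject = new UserGroup($db);

     if (!($groupID = $userGroupObject->Add($username, 1))) {
         // We really want to delete the new user...
         //TODO: Delete the new user
         // And then error
         trigger_error($userGroupObject->GetErrorMessage(), E_USER_ERROR);
     }

     $userGroupObject->Link($groupID, $id);

     // Link the initial group
     $userGroupObject->Link($initialGroupId, $id);

     $response->SetFormSubmitResponse('User Saved.');
     $response->Respond();
 }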