}
}
if ($mode == 'manage') {
if (Registry::get('runtime.company_id') && !empty($_REQUEST['user_type']) && ($_REQUEST['user_type'] == 'P' || $_REQUEST['user_type'] == 'A' && !fn_check_permission_manage_profiles('A'))) {
return array(CONTROLLER_STATUS_DENIED);
}
if (!empty($_REQUEST['user_type']) && $_REQUEST['user_type'] == 'V' && fn_allowed_for('ULTIMATE')) {
return array(CONTROLLER_STATUS_NO_PAGE);
}
list($users, $search) = fn_get_users($_REQUEST, $auth, Registry::get('settings.Appearance.admin_elements_per_page'));
Tygh::$app['view']->assign('users', $users);
Tygh::$app['view']->assign('search', $search);
if (!empty($search['user_type'])) {
Tygh::$app['view']->assign('user_type_description', fn_get_user_type_description($search['user_type']));
}
$user_types = fn_get_user_types();
if (Registry::get('runtime.company_id') && fn_allowed_for("MULTIVENDOR")) {
unset($user_types['C']);
}
if (fn_is_restricted_admin(array('user_type' => 'V'))) {
unset($user_types['V']);
}
Tygh::$app['view']->assign('user_types', $user_types);
Tygh::$app['view']->assign('countries', fn_get_simple_countries(true, CART_LANGUAGE));
Tygh::$app['view']->assign('states', fn_get_all_states());
Tygh::$app['view']->assign('usergroups', fn_get_usergroups(array('status' => array('A', 'H')), DESCR_SL));
} elseif ($mode == 'act_as_user' || $mode == 'view_product_as_user') {
if (fn_is_restricted_admin($_REQUEST) == true) {
return array(CONTROLLER_STATUS_DENIED);
}
$condition = '';
function fn_get_users($params, &$auth, $items_per_page = 0, $custom_view = '')
{
// Init filter
$_view = !empty($custom_view) ? $custom_view : 'users';
$params = fn_init_view($_view, $params);
// Set default values to input params
$params['page'] = empty($params['page']) ? 1 : $params['page'];
// Define fields that should be retrieved
$fields = array("?:users.user_id", "?:users.user_login", "?:users.timestamp", "?:users.user_type", "?:users.status", "?:users.firstname", "?:users.lastname", "?:users.email", "?:users.company", "?:users.company_id", "?:companies.company as company_name");
// Define sort fields
$sortings = array('id' => "?:users.user_id", 'username' => "?:users.user_login", 'email' => "?:users.email", 'name' => array("?:users.lastname", "?:users.firstname"), 'date' => "?:users.timestamp", 'type' => "?:users.user_type", 'status' => "?:users.status", 'company' => "company_name");
$directions = array('asc' => 'asc', 'desc' => 'desc');
$condition = $join = $group = '';
$group .= " GROUP BY ?:users.user_id";
if (isset($params['company']) && fn_string_no_empty($params['company'])) {
$condition .= db_quote(" AND ?:users.company LIKE ?l", "%" . trim($params['company']) . "%");
}
if (isset($params['name']) && fn_string_no_empty($params['name'])) {
$arr = fn_explode(' ', $params['name']);
foreach ($arr as $k => $v) {
if (!fn_string_no_empty($v)) {
unset($arr[$k]);
}
}
if (sizeof($arr) == 2) {
$condition .= db_quote(" AND (?:users.firstname LIKE ?l AND ?:users.lastname LIKE ?l)", "%" . array_shift($arr) . "%", "%" . array_shift($arr) . "%");
} else {
$condition .= db_quote(" AND (?:users.firstname LIKE ?l OR ?:users.lastname LIKE ?l)", "%" . trim($params['name']) . "%", "%" . trim($params['name']) . "%");
}
}
if (isset($params['user_login']) && fn_string_no_empty($params['user_login'])) {
$condition .= db_quote(" AND ?:users.user_login LIKE ?l", "%" . trim($params['user_login']) . "%");
}
if (!empty($params['tax_exempt'])) {
$condition .= db_quote(" AND ?:users.tax_exempt = ?s", $params['tax_exempt']);
}
if (isset($params['usergroup_id']) && $params['usergroup_id'] != ALL_USERGROUPS) {
if (!empty($params['usergroup_id'])) {
$join .= db_quote(" LEFT JOIN ?:usergroup_links ON ?:usergroup_links.user_id = ?:users.user_id AND ?:usergroup_links.usergroup_id = ?i", $params['usergroup_id']);
$condition .= " AND ?:usergroup_links.status = 'A'";
} else {
$join .= " LEFT JOIN ?:usergroup_links ON ?:usergroup_links.user_id = ?:users.user_id AND ?:usergroup_links.status = 'A'";
$condition .= " AND ?:usergroup_links.user_id IS NULL";
}
}
if (!empty($params['status'])) {
$condition .= db_quote(" AND ?:users.status = ?s", $params['status']);
}
if (isset($params['email']) && fn_string_no_empty($params['email'])) {
$condition .= db_quote(" AND ?:users.email LIKE ?l", "%" . trim($params['email']) . "%");
}
if (isset($params['address']) && fn_string_no_empty($params['address'])) {
$condition .= db_quote(" AND (?:user_profiles.b_address LIKE ?l OR ?:user_profiles.s_address LIKE ?l)", "%" . trim($params['address']) . "%", "%" . trim($params['address']) . "%");
}
if (isset($params['zipcode']) && fn_string_no_empty($params['zipcode'])) {
$condition .= db_quote(" AND (?:user_profiles.b_zipcode LIKE ?l OR ?:user_profiles.s_zipcode LIKE ?l)", "%" . trim($params['zipcode']) . "%", "%" . trim($params['zipcode']) . "%");
}
if (!empty($params['country'])) {
$condition .= db_quote(" AND (?:user_profiles.b_country LIKE ?l OR ?:user_profiles.s_country LIKE ?l)", "%{$params['country']}%", "%{$params['country']}%");
}
if (isset($params['state']) && fn_string_no_empty($params['state'])) {
$condition .= db_quote(" AND (?:user_profiles.b_state LIKE ?l OR ?:user_profiles.s_state LIKE ?l)", "%" . trim($params['state']) . "%", "%" . trim($params['state']) . "%");
}
if (isset($params['city']) && fn_string_no_empty($params['city'])) {
$condition .= db_quote(" AND (?:user_profiles.b_city LIKE ?l OR ?:user_profiles.s_city LIKE ?l)", "%" . trim($params['city']) . "%", "%" . trim($params['city']) . "%");
}
if (!empty($params['user_type'])) {
$condition .= db_quote(' AND ?:users.user_type = ?s', $params['user_type']);
}
if (!empty($params['user_id'])) {
$condition .= db_quote(' AND ?:users.user_id IN (?n)', $params['user_id']);
}
if (!empty($params['exclude_user_types'])) {
$condition .= db_quote(" AND ?:users.user_type NOT IN (?a)", $params['exclude_user_types']);
}
if (defined('COMPANY_ID')) {
if (empty($params['user_type']) || !empty($params['user_type']) && $params['user_type'] == 'C' || !empty($params['exclude_user_types']) && !in_array('C', $params['exclude_user_types'])) {
$_cond = db_quote("(?:users.user_type = 'A' && ?:users.company_id = ?i)", COMPANY_ID);
$company_customers = db_get_fields("SELECT user_id FROM ?:orders WHERE company_id = ?i", COMPANY_ID);
if ($company_customers) {
$_cond = db_quote("((?:users.user_type = 'C' && ?:users.user_id IN (?n)) OR {$_cond})", $company_customers);
}
$condition .= " AND {$_cond} ";
} else {
$condition .= fn_get_company_condition('?:users.company_id');
}
}
if (!empty($params['p_ids']) || !empty($params['product_view_id'])) {
$arr = strpos($params['p_ids'], ',') !== false || !is_array($params['p_ids']) ? explode(',', $params['p_ids']) : $params['p_ids'];
if (empty($params['product_view_id'])) {
$condition .= db_quote(" AND ?:order_details.product_id IN (?n)", $arr);
} else {
$condition .= db_quote(" AND ?:order_details.product_id IN (?n)", db_get_fields(fn_get_products(array('view_id' => $params['product_view_id'], 'get_query' => true))));
}
$join .= db_quote(" LEFT JOIN ?:orders ON ?:orders.user_id = ?:users.user_id LEFT JOIN ?:order_details ON ?:order_details.order_id = ?:orders.order_id");
}
if (defined('RESTRICTED_ADMIN')) {
// FIXME: NOT GOOD
$condition .= db_quote(" AND (?:users.user_type != 'A' || (?:users.user_type = 'A' AND ?:users.user_id = ?i))", $auth['user_id']);
}
$active_user_types = fn_get_user_types();
$condition .= db_quote(" AND ?:users.user_type IN(?a)", array_keys($active_user_types));
$join .= db_quote(" LEFT JOIN ?:user_profiles ON ?:user_profiles.user_id = ?:users.user_id");
$join .= db_quote(" LEFT JOIN ?:companies ON ?:companies.company_id = ?:users.company_id");
fn_set_hook('get_users', $params, $fields, $sortings, $condition, $join);
if (empty($params['sort_order']) || empty($directions[$params['sort_order']])) {
$params['sort_order'] = 'asc';
}
if (empty($params['sort_by']) || empty($sortings[$params['sort_by']])) {
$params['sort_by'] = 'name';
}
$sorting = (is_array($sortings[$params['sort_by']]) ? implode(' ' . $directions[$params['sort_order']] . ', ', $sortings[$params['sort_by']]) : $sortings[$params['sort_by']]) . " " . $directions[$params['sort_order']];
// Reverse sorting (for usage in view)
$params['sort_order'] = $params['sort_order'] == 'asc' ? 'desc' : 'asc';
// Paginate search results
$limit = '';
if (!empty($items_per_page)) {
$total = db_get_field("SELECT COUNT(DISTINCT(?:users.user_id)) FROM ?:users {$join} WHERE 1 {$condition}");
$limit = fn_paginate($params['page'], $total, $items_per_page);
}
$users = db_get_array("SELECT " . implode(', ', $fields) . " FROM ?:users {$join} WHERE 1 {$condition} {$group} ORDER BY {$sorting} {$limit}");
return array($users, $params);
}
/**
* Getting users list
*
* @param array $params Params list
* @param array $auth Auth
* @param int $items_per_page Items per page
* @param str $custom_view Custom view
* @return array
*/
function fn_get_users($params, &$auth, $items_per_page = 0, $custom_view = '')
{
/**
* Actions before getting users list
*
* @param array $params Params list
* @param array $auth Auth data
* @param int $items_per_page Items per page
* @param str $custom_view Custom view
*/
fn_set_hook('get_users_pre', $params, $auth, $items_per_page, $custom_view);
// Init filter
$_view = !empty($custom_view) ? $custom_view : 'users';
$params = LastView::instance()->update($_view, $params);
// Set default values to input params
$default_params = array('page' => 1, 'items_per_page' => $items_per_page);
$params = array_merge($default_params, $params);
// Define fields that should be retrieved
$fields = array("?:users.user_id", "?:users.user_login", "?:users.is_root", "?:users.timestamp", "?:users.user_type", "?:users.status", "?:users.firstname", "?:users.lastname", "?:users.email", "?:users.company", "?:users.company_id", "?:companies.company as company_name");
// Define sort fields
$sortings = array('id' => "?:users.user_id", 'username' => "?:users.user_login", 'email' => "?:users.email", 'name' => array("?:users.lastname", "?:users.firstname"), 'date' => "?:users.timestamp", 'type' => "?:users.user_type", 'status' => "?:users.status", 'company' => "company_name");
if (isset($params['compact']) && $params['compact'] == 'Y') {
$union_condition = ' OR ';
} else {
$union_condition = ' AND ';
}
$condition = array();
$join = $group = '';
$group .= " GROUP BY ?:users.user_id";
if (isset($params['company']) && fn_string_not_empty($params['company'])) {
$condition['company'] = db_quote(" AND ?:users.company LIKE ?l", "%" . trim($params['company']) . "%");
}
if (isset($params['name']) && fn_string_not_empty($params['name'])) {
$arr = fn_explode(' ', $params['name']);
foreach ($arr as $k => $v) {
if (!fn_string_not_empty($v)) {
unset($arr[$k]);
}
}
if (sizeof($arr) == 2) {
$condition['name'] = db_quote(" AND (?:users.firstname LIKE ?l AND ?:users.lastname LIKE ?l)", "%" . array_shift($arr) . "%", "%" . array_shift($arr) . "%");
} else {
$condition['name'] = db_quote(" AND (?:users.firstname LIKE ?l OR ?:users.lastname LIKE ?l)", "%" . trim($params['name']) . "%", "%" . trim($params['name']) . "%");
}
}
if (isset($params['user_login']) && fn_string_not_empty($params['user_login'])) {
$condition['user_login'] = db_quote(" {$union_condition} ?:users.user_login LIKE ?l", "%" . trim($params['user_login']) . "%");
}
if (!empty($params['tax_exempt'])) {
$condition['tax_exempt'] = db_quote(" AND ?:users.tax_exempt = ?s", $params['tax_exempt']);
}
if (!fn_allowed_for('ULTIMATE:FREE')) {
if (isset($params['usergroup_id']) && $params['usergroup_id'] != ALL_USERGROUPS) {
if (!empty($params['usergroup_id'])) {
$join .= db_quote(" LEFT JOIN ?:usergroup_links ON ?:usergroup_links.user_id = ?:users.user_id AND ?:usergroup_links.usergroup_id = ?i", $params['usergroup_id']);
$condition['usergroup_links'] = " AND ?:usergroup_links.status = 'A'";
} else {
$join .= " LEFT JOIN ?:usergroup_links ON ?:usergroup_links.user_id = ?:users.user_id AND ?:usergroup_links.status = 'A'";
$condition['usergroup_links'] = " AND ?:usergroup_links.user_id IS NULL";
}
}
}
if (!empty($params['status'])) {
$condition['status'] = db_quote(" AND ?:users.status = ?s", $params['status']);
}
if (isset($params['email']) && fn_string_not_empty($params['email'])) {
$condition['email'] = db_quote(" {$union_condition} ?:users.email LIKE ?l", "%" . trim($params['email']) . "%");
}
if (isset($params['address']) && fn_string_not_empty($params['address'])) {
$condition['address'] = db_quote(" AND (?:user_profiles.b_address LIKE ?l OR ?:user_profiles.s_address LIKE ?l)", "%" . trim($params['address']) . "%", "%" . trim($params['address']) . "%");
}
if (isset($params['zipcode']) && fn_string_not_empty($params['zipcode'])) {
$condition['zipcode'] = db_quote(" AND (?:user_profiles.b_zipcode LIKE ?l OR ?:user_profiles.s_zipcode LIKE ?l)", "%" . trim($params['zipcode']) . "%", "%" . trim($params['zipcode']) . "%");
}
if (!empty($params['country'])) {
$condition['country'] = db_quote(" AND (?:user_profiles.b_country LIKE ?l OR ?:user_profiles.s_country LIKE ?l)", "%{$params['country']}%", "%{$params['country']}%");
}
if (isset($params['state']) && fn_string_not_empty($params['state'])) {
$condition['state'] = db_quote(" AND (?:user_profiles.b_state LIKE ?l OR ?:user_profiles.s_state LIKE ?l)", "%" . trim($params['state']) . "%", "%" . trim($params['state']) . "%");
}
if (isset($params['city']) && fn_string_not_empty($params['city'])) {
$condition['city'] = db_quote(" AND (?:user_profiles.b_city LIKE ?l OR ?:user_profiles.s_city LIKE ?l)", "%" . trim($params['city']) . "%", "%" . trim($params['city']) . "%");
}
if (!empty($params['user_id'])) {
$condition['user_id'] = db_quote(' AND ?:users.user_id IN (?n)', $params['user_id']);
}
if (!empty($params['p_ids']) || !empty($params['product_view_id'])) {
$arr = strpos($params['p_ids'], ',') !== false || !is_array($params['p_ids']) ? explode(',', $params['p_ids']) : $params['p_ids'];
if (empty($params['product_view_id'])) {
$condition['order_product_id'] = db_quote(" AND ?:order_details.product_id IN (?n)", $arr);
} else {
$condition['order_product_id'] = db_quote(" AND ?:order_details.product_id IN (?n)", db_get_fields(fn_get_products(array('view_id' => $params['product_view_id'], 'get_query' => true))));
}
$join .= db_quote(" LEFT JOIN ?:orders ON ?:orders.user_id = ?:users.user_id AND ?:orders.is_parent_order != 'Y' LEFT JOIN ?:order_details ON ?:order_details.order_id = ?:orders.order_id");
}
if (defined('RESTRICTED_ADMIN')) {
// FIXME: NOT GOOD
$condition['restricted_admin'] = db_quote(" AND ((?:users.user_type != 'A' AND ?:users.user_type != 'V') OR (?:users.user_type = 'A' AND ?:users.user_id = ?i))", $auth['user_id']);
}
// sometimes other vendor's admins could buy products from other vendors.
if (!empty($params['user_type']) && (!($params['user_type'] == 'C' && Registry::get('runtime.company_id')) || fn_allowed_for('ULTIMATE'))) {
$condition['user_type'] = db_quote(' AND ?:users.user_type = ?s', $params['user_type']);
} else {
// Get active user types
$user_types = array_keys(fn_get_user_types());
// Select only necessary groups frm all available
if (!empty($params['user_types'])) {
$user_types = array_intersect($user_types, $params['user_types']);
}
if (!empty($params['exclude_user_types'])) {
$user_types = array_diff($user_types, $params['exclude_user_types']);
}
$condition['user_type'] = db_quote(" AND ?:users.user_type IN(?a)", $user_types);
}
$join .= db_quote(" LEFT JOIN ?:user_profiles ON ?:user_profiles.user_id = ?:users.user_id");
$join .= db_quote(" LEFT JOIN ?:companies ON ?:companies.company_id = ?:users.company_id");
/**
* Prepare params for getting users query
*
* @param array $params Params list
* @param array $fields Fields list
* @param array $sortings Sorting variants
* @param array $condition Conditions set
* @param str $join Joins list
* @param array $auth Auth data
*/
fn_set_hook('get_users', $params, $fields, $sortings, $condition, $join, $auth);
$sorting = db_sort($params, $sortings, 'name', 'asc');
// Used for Extended search
if (!empty($params['get_conditions'])) {
return array($fields, $join, $condition);
}
// Paginate search results
$limit = '';
if (!empty($params['items_per_page'])) {
$params['total_items'] = db_get_field("SELECT COUNT(DISTINCT(?:users.user_id)) FROM ?:users {$join} WHERE 1 " . implode(' ', $condition));
$limit = db_paginate($params['page'], $params['items_per_page'], $params['total_items']);
}
$users = db_get_array("SELECT " . implode(', ', $fields) . " FROM ?:users {$join} WHERE 1" . implode('', $condition) . " {$group} {$sorting} {$limit}");
LastView::instance()->processResults('users', $users, $params);
/**
* Actions after getting users list
*
* @param array $users Users list
* @param array $params Params list
* @param array $auth Auth data
*/
fn_set_hook('get_users_post', $users, $params, $auth);
return array($users, $params);
}
$_SESSION['export_ranges']['users'] = array('pattern_id' => 'users');
}
$_SESSION['export_ranges']['users']['data'] = array('user_id' => $_REQUEST['user_ids']);
unset($_REQUEST['redirect_url']);
return array(CONTROLLER_STATUS_REDIRECT, "exim.export?section=users&pattern_id=" . $_SESSION['export_ranges']['users']['pattern_id']);
}
}
}
if ($mode == 'manage') {
list($users, $search) = fn_get_users($_REQUEST, $auth, Registry::get('settings.Appearance.admin_elements_per_page'));
$view->assign('users', $users);
$view->assign('search', $search);
if (!empty($search['user_type'])) {
$view->assign('user_type_description', fn_get_user_type_description($search['user_type']));
}
$view->assign('user_types', fn_get_user_types());
$view->assign('countries', fn_get_countries(CART_LANGUAGE, true));
$view->assign('states', fn_get_all_states());
$view->assign('usergroups', fn_get_usergroups('F', DESCR_SL));
} elseif ($mode == 'act_as_user') {
if (fn_is_restricted_admin($_REQUEST) == true) {
return array(CONTROLLER_STATUS_DENIED);
}
$condition = fn_get_company_condition();
$user_data = db_get_row("SELECT * FROM ?:users WHERE user_id = ?i {$condition}", $_REQUEST['user_id']);
if (!empty($user_data)) {
$user_type = empty($_REQUEST['area']) ? $user_data['user_type'] == 'A' ? 'A' : 'C' : $_REQUEST['area'];
// 'area' variable was used for loging in to the area different from the user type.
$sess_data = array('auth' => fn_fill_auth($user_data, array(), true, $user_type));
fn_init_user_session_data($sess_data, $_REQUEST['user_id']);
Session::save(Session::get_id(), $sess_data, $user_type);
