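/**
 * Upgrade step: give every existing user a user-specific group and re-link them
 * to the group they were already a member of.
 *
 * Reads every row of `user` (no caller-supplied input reaches the SQL), creates one
 * UserGroup per user via UserGroup::Add($name, 1) and links the user both to that
 * new group and to their previous groupID.
 *
 * Errors go through reportError(). NOTE(review): whether reportError() halts is not
 * visible here — if it only logs, the loop below would run against a failed result
 * set. Confirm against its definition.
 */
private function UpdateUserGroups()
{
    $db =& $this->db;

    // Every current user, with the single group they belonged to before this upgrade
    $SQL = "SELECT UserID, groupID, UserName FROM `user`";

    if (!($result = $db->query($SQL))) {
        reportError('20.php', "Error creating user groups" . $db->error());
    }

    while ($row = $db->get_assoc_row($result)) {
        $userID   = Kit::ValidateParam($row['UserID'], _INT);
        $groupID  = Kit::ValidateParam($row['groupID'], _INT);
        $username = Kit::ValidateParam($row['UserName'], _STRING);

        $ug = new UserGroup($db);

        // One user-specific group per user, named after the user
        if (!($ugId = $ug->Add($username, 1))) {
            reportError('20.php', "Error creating user groups" . $db->error());
        }

        // Link the user to their own group. The return value was previously ignored;
        // a failed link would silently leave the user without a group.
        if (!$ug->Link($ugId, $userID)) {
            reportError('20.php', "Error creating user groups" . $ug->GetErrorMessage());
        }

        // Preserve the pre-upgrade membership. A user with no previous group comes
        // out of ValidateParam as groupID 0; linking to group 0 would only create a
        // dangling lkusergroup row, so skip it.
        if ($groupID > 0 && !$ug->Link($groupID, $userID)) {
            reportError('20.php', "Error creating user groups" . $ug->GetErrorMessage());
        }
    }
}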
/**
 * Look up the user-specific group of a user.
 *
 * Joins user -> lkusergroup -> group, restricted to rows where
 * group.IsUserSpecific = 1. $id is bound with %d, so only an integer ever reaches
 * the SQL. When no such group exists, one is created with UserGroup::Add(name, 1)
 * and linked to the user.
 *
 * @param int  $id       UserID to look up
 * @param bool $returnID true to return the groupID, false to return the group name
 * @return mixed groupID (int) or group name (string); the name is reported as
 *               'Unknown' when the group had to be created here. Halts with
 *               E_USER_ERROR on query failure or if the group cannot be created.
 *               NOTE(review): the Link() result after creation is not checked.
 */
function getGroupFromID($id, $returnID = false)
{
    $db =& $this->db;

    $SQL = "";
    $SQL .= "SELECT group.group, ";
    $SQL .= " group.groupID ";
    $SQL .= "FROM `user` ";
    $SQL .= " INNER JOIN lkusergroup ";
    $SQL .= " ON lkusergroup.UserID = user.UserID ";
    $SQL .= " INNER JOIN `group` ";
    $SQL .= " ON group.groupID = lkusergroup.GroupID ";
    $SQL .= sprintf("WHERE `user`.userid = %d ", $id);
    $SQL .= "AND `group`.IsUserSpecific = 1";

    if (!($results = $db->query($SQL))) {
        trigger_error($db->error());
        trigger_error("Error looking up user information (group)", E_USER_ERROR);
    }

    // Normal case: the user already has a user-specific group
    if ($db->num_rows($results) != 0) {
        $row = $db->get_row($results);
        return $returnID ? $row[1] : $row[0];
    }

    // No group yet: create one named after the user and link it
    Kit::ClassLoader('usergroup');
    $userGroupObject = new UserGroup($db);
    $groupID = $userGroupObject->Add($this->getNameFromID($id), 1);

    if (!$groupID) {
        trigger_error(__('User does not have a group and we are unable to add one.'), E_USER_ERROR);
    }

    $userGroupObject->Link($groupID, $id);

    return $returnID ? $groupID : 'Unknown';
}
/**
 * Replace the membership of a group with the UserID list posted from the form.
 *
 * GroupID comes from the request (_REQUEST, int) and UserID[] from POST. Users
 * currently linked to the group but absent from the list are unlinked; listed users
 * not yet linked are linked. GroupID is bound with %d so only an integer reaches
 * the SQL.
 *
 * NOTE(review): nothing in this method checks that the session is allowed to manage
 * the group or any of the posted users, and there is no Kit::CheckToken() call as
 * the form-submit actions elsewhere perform. Unless the dispatcher enforces both,
 * any caller who can reach this action can rewrite group membership. Confirm where
 * that is enforced.
 */
public function SetMembers()
{
    $db =& $this->db;
    $response = new ResponseManager();
    $groupObject = new UserGroup($db);

    $groupID = Kit::GetParam('GroupID', _REQUEST, _INT);
    $users = Kit::GetParam('UserID', _POST, _ARRAY, array());

    // Current members of the group
    $SQL = "";
    $SQL .= "SELECT user.UserID, ";
    $SQL .= " user.UserName ";
    $SQL .= "FROM `user` ";
    $SQL .= " INNER JOIN lkusergroup ";
    $SQL .= " ON lkusergroup.UserID = user.UserID ";
    $SQL .= sprintf("WHERE lkusergroup.GroupID = %d", $groupID);

    if (!($resultIn = $db->query($SQL))) {
        trigger_error($db->error());
        trigger_error(__('Error getting Users'));
    }

    // Members that are both currently linked and still wanted
    $kept = array();

    while ($row = $db->get_assoc_row($resultIn)) {
        $memberID = Kit::ValidateParam($row['UserID'], _INT);

        if (in_array($memberID, $users)) {
            $kept[] = $memberID;
            continue;
        }

        // Linked but not in the submitted list: remove the membership
        if (!$groupObject->Unlink($groupID, $memberID)) {
            trigger_error($groupObject->GetErrorMessage(), E_USER_ERROR);
        }
    }

    // Anything submitted that is not already a member gets linked
    foreach ($users as $wantedID) {
        if (in_array($wantedID, $kept)) {
            continue;
        }

        if (!$groupObject->Link($groupID, $wantedID)) {
            trigger_error($groupObject->GetErrorMessage(), E_USER_ERROR);
        }
    }

    $response->SetFormSubmitResponse(__('Group membership set'), false);
    $response->Respond();
}
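/**
 * Adds a user.
 *
 * Validates userName (1–50 bytes), requires a non-empty password that passes
 * testPasswordAgainstPolicy(), defaults homePage to "dashboard", rejects a
 * duplicate user name, inserts the user, creates a user-specific group and links
 * the user to it and to $initialGroupId. All SQL in this method is parameterised
 * through PDO.
 *
 * @param string $password        plaintext password
 * @param int    $initialGroupId  group the new user is also linked to
 * @return bool  true on success; false after SetError()/Debug::Error() on failure
 */
public function add($password, $initialGroupId)
{
    // Validation
    if ($this->userName == '' || strlen($this->userName) > 50) {
        return $this->SetError(__('User name must be between 1 and 50 characters.'));
    }

    if ($password == '') {
        return $this->SetError(__('Please enter a Password.'));
    }

    if ($this->homePage == '') {
        $this->homePage = "dashboard";
    }

    // Test the password
    if (!$this->testPasswordAgainstPolicy($password)) {
        return false;
    }

    try {
        $dbh = PDOConnect::init();

        // Check for duplicate user name.
        // NOTE(review): check-then-insert; two concurrent requests can both pass this.
        // A UNIQUE index on user.UserName is the only race-free guarantee.
        $sth = $dbh->prepare('SELECT UserName FROM `user` WHERE UserName = :userName');
        $sth->execute(array('userName' => $this->userName));

        if (count($sth->fetchAll()) > 0) {
            $this->ThrowError(__('There is already a user with this name. Please choose another.'));
        }

        // SECURITY(review): unsalted MD5 is not an acceptable password hash. It is
        // kept only because the login path that verifies UserPassword is not visible
        // in this block; migrate both sides together to password_hash()/password_verify().
        $password = md5($password);

        // Run the INSERT statement
        $SQL = 'INSERT INTO user (UserName, UserPassword, usertypeid, email, homepage) VALUES (:userName, :password, :userTypeId, :email, :homePage)';
        $insertSth = $dbh->prepare($SQL);
        $insertSth->execute(array(
            'userName' => $this->userName,
            'password' => $password,
            'userTypeId' => $this->userTypeId,
            'email' => $this->email,
            'homePage' => $this->homePage
        ));

        // Get the ID of the record we just inserted
        $this->userId = $dbh->lastInsertId();

        // Every user gets a user-specific group. Add() returning false was previously
        // ignored and the false id passed straight to Link(); report it instead.
        // The inserted user row is not removed on this path.
        $userGroupObject = new UserGroup();

        if (!($groupId = $userGroupObject->Add($this->userName, 1))) {
            $this->ThrowError($userGroupObject->GetErrorMessage());
        }

        // Link them
        if (!$userGroupObject->Link($groupId, $this->userId)) {
            $this->ThrowError($userGroupObject->GetErrorMessage());
        }

        // Link the initial group
        if (!$userGroupObject->Link($initialGroupId, $this->userId)) {
            $this->ThrowError($userGroupObject->GetErrorMessage());
        }

        return true;
    }
    catch (Exception $e) {
        Debug::Error($e->getMessage());

        if (!$this->IsError()) {
            $this->SetError(1, __('Unknown Error'));
        }

        return false;
    }
}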
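/**
 * Adds a user (form action).
 *
 * Reads username, password, email, usertypeid, homepage and groupid from POST,
 * verifies the form token, enforces the password policy, rejects a duplicate user
 * name, inserts the user, creates a user-specific group and links the user to that
 * group and to the posted initial group.
 *
 * Every string value is passed through $db->escape_string() and every integer is
 * formatted with %d before it reaches SQL. Previously username, email and homepage
 * were interpolated raw into the INSERT, and the duplicate-name SELECT carried no
 * %s placeholder, so the escaped name never reached the query and the check could
 * not match an existing user.
 *
 * NOTE(review): usertypeid is taken from POST with no visible check that the calling
 * session may grant that user type. Confirm the permission check lives in the
 * dispatcher; otherwise this is a privilege-escalation path.
 *
 * @return void  responds via ResponseManager; halts with E_USER_ERROR on failure
 */
function AddUser()
{
    // Check the token
    if (!Kit::CheckToken()) {
        trigger_error('Token does not match', E_USER_ERROR);
    }

    $db =& $this->db;
    $response = new ResponseManager();

    $username = Kit::GetParam('username', _POST, _STRING);
    $password = Kit::GetParam('password', _POST, _STRING);
    $email = Kit::GetParam('email', _POST, _STRING);
    $usertypeid = Kit::GetParam('usertypeid', _POST, _INT);
    $homepage = Kit::GetParam('homepage', _POST, _STRING);
    $initialGroupId = Kit::GetParam('groupid', _POST, _INT);

    // Validation
    if ($username == "") {
        trigger_error("Please enter a User Name.", E_USER_ERROR);
    }

    if ($password == "") {
        trigger_error("Please enter a Password.", E_USER_ERROR);
    }

    if ($homepage == "") {
        $homepage = "dashboard";
    }

    // Test the password
    Kit::ClassLoader('userdata');
    $userData = new Userdata($db);

    if (!$userData->TestPasswordAgainstPolicy($password)) {
        trigger_error($userData->GetErrorMessage(), E_USER_ERROR);
    }

    // Check for duplicate user name (escaped; still racy without a UNIQUE index on
    // user.UserName)
    $sqlcheck = sprintf("SELECT UserName FROM user WHERE UserName = '%s'", $db->escape_string($username));

    if (!($sqlcheckresult = $db->query($sqlcheck))) {
        trigger_error($db->error());
        trigger_error("Cant get this user's name. Please try another.", E_USER_ERROR);
    }

    if ($db->num_rows($sqlcheckresult) != 0) {
        trigger_error("Could Not Complete, Duplicate User Name Exists", E_USER_ERROR);
    }

    // SECURITY(review): unsalted MD5 is not an acceptable password hash. Kept only
    // because the login path that verifies UserPassword is not visible here; migrate
    // both sides together to password_hash()/password_verify().
    $password = md5($password);

    // Run the INSERT statement with every value escaped or integer-formatted
    $query = "INSERT INTO user (UserName, UserPassword, usertypeid, email, homepage)";
    $query .= sprintf(" VALUES ('%s', '%s', %d, '%s', '%s')",
        $db->escape_string($username),
        $db->escape_string($password),
        $usertypeid,
        $db->escape_string($email),
        $db->escape_string($homepage));

    if (!($id = $db->insert_query($query))) {
        trigger_error($db->error());
        trigger_error("Error adding that user", E_USER_ERROR);
    }

    // Add the user group
    $userGroupObject = new UserGroup($db);

    if (!($groupID = $userGroupObject->Add($username, 1))) {
        // Remove the user row just inserted so a failed group creation does not leave
        // an account that can never be assigned a group (previously a TODO).
        $db->query(sprintf("DELETE FROM user WHERE UserID = %d", $id));
        trigger_error($userGroupObject->GetErrorMessage(), E_USER_ERROR);
    }

    if (!$userGroupObject->Link($groupID, $id)) {
        trigger_error($userGroupObject->GetErrorMessage(), E_USER_ERROR);
    }

    // Link the initial group
    if (!$userGroupObject->Link($initialGroupId, $id)) {
        trigger_error($userGroupObject->GetErrorMessage(), E_USER_ERROR);
    }

    $response->SetFormSubmitResponse('User Saved.');
    $response->Respond();
}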
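/**
 * Sets the Members of a group.
 *
 * GroupID comes from the request (_REQUEST, int) and UserID[] from POST. Users
 * currently assigned to the group but missing from the posted list are unlinked;
 * posted users not yet assigned are linked. Both directions are now restricted to
 * the users this session can see via $this->user->userList(): previously only the
 * unlink path applied that filter, so a posted UserID the session had no access to
 * was still linked into the group (and an inaccessible user who was already
 * assigned and still in the list was re-linked).
 *
 * NOTE(review): nothing here verifies that the session may edit the group itself,
 * and there is no Kit::CheckToken() call; confirm both are enforced by the
 * dispatcher for this action.
 */
public function SetMembers()
{
    $db =& $this->db;
    $response = new ResponseManager();
    $groupObject = new UserGroup($db);

    $groupId = Kit::GetParam('GroupID', _REQUEST, _INT);
    $users = Kit::GetParam('UserID', _POST, _ARRAY, array());

    // All users that this session has access to
    if (!($allUsers = $this->user->userList())) {
        trigger_error(__('Error getting all users'), E_USER_ERROR);
    }

    // Convert to an array of ID's for convenience
    $allUserIds = array_map(function ($array) { return $array['userid']; }, $allUsers);

    // Users in group
    $usersAssigned = UserData::entries(null, array('groupIds' => array($groupId)));

    Debug::Audit('All userIds we want to assign: ' . var_export($users, true));
    Debug::Audit('All userIds we have access to: ' . var_export($allUserIds, true));

    foreach ($usersAssigned as $user) {
        /* @var Userdata $user */

        // Did this session have permission to do anything to this user?
        // If not, move on
        if (!in_array($user->userId, $allUserIds)) {
            continue;
        }

        Debug::Audit('Logged in user has permission to make changes to this assigned user ' . $user->userId);

        // Is this user in the provided list of users?
        if (in_array($user->userId, $users)) {
            // Already assigned: drop it from the list so it is not linked again
            Debug::Audit('This user is already assigned ' . $user->userId);

            if (($key = array_search($user->userId, $users)) !== false) {
                unset($users[$key]);
            }
        }
        else {
            Debug::Audit('This user is assigned, but not in the list of assignments ' . $user->userId);

            // It isn't therefore needs to be removed
            if (!$groupObject->Unlink($groupId, $user->userId)) {
                trigger_error($groupObject->GetErrorMessage(), E_USER_ERROR);
            }
        }
    }

    Debug::Audit('All userIds we want to assign after sorting: ' . var_export($users, true));

    // Add any users that are still missing after the assignment process
    foreach ($users as $userId) {
        // Same permission rule as the unlink path: a posted id the session cannot
        // see is ignored rather than linked.
        if (!in_array($userId, $allUserIds)) {
            Debug::Audit('Session has no access to user, not linking: ' . $userId);
            continue;
        }

        Debug::Audit('User was missing, linking them: ' . $userId);

        if (!$groupObject->Link($groupId, $userId)) {
            trigger_error($groupObject->GetErrorMessage(), E_USER_ERROR);
        }
    }

    $response->SetFormSubmitResponse(__('Group membership set'), false);
    $response->Respond();
}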