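/**
 * Search user accounts that are not linked to a customer or a vendor.
 *
 * Builds one SELECT over the `user` table, always restricted to rows whose
 * customer_id and vendor_id are 0 or NULL, then appends the optional filters
 * found in $search.
 *
 * Security notes for maintainers:
 *  - Every string value is passed through mysql_real_escape_string() and is
 *    only ever placed inside single quotes; integer values are cast with (int).
 *    NOTE(review): ext/mysql was removed in PHP 7.0, so presumably the project
 *    provides a compatible function - confirm. Bound parameters would be the
 *    preferred replacement if the database layer supports them.
 *  - With $mysql = true the result of query() is returned as-is and
 *    module_security::filter_data_set() is NOT applied; such callers only get
 *    the SQL-level restrictions built below.
 *
 * @param array $search Optional filters:
 *                      'generic'          substring match on name, email, phone and mobile;
 *                      'security_role_id' integer role id (joins `user_role`);
 *                      'email'            LIKE pattern, used as given;
 *                      'is_staff', 'split_hours' exact match.
 *                      A non-empty 'customer_id' is rejected: set_error() is
 *                      called and an empty array is returned.
 * @param bool  $mysql  When true, return the result of query($sql) directly.
 *
 * @return mixed The value of query($sql) when $mysql is true, otherwise the
 *               qa($sql) result after module_security::filter_data_set().
 */
public static function get_users($search = array(), $mysql = false)
{
    // limit based on customer id
    /*if(!isset($_REQUEST['customer_id']) || !(int)$_REQUEST['customer_id']){
        return array();
    }*/

    // build up a custom search sql query based on the provided search fields
    $sql = "SELECT *,u.user_id AS id ";
    $sql .= ", u.name AS name ";
    $from = " FROM `" . _DB_PREFIX . "user` u ";
    $where = " WHERE 1 ";
    $where .= " AND ( (u.customer_id = 0 OR u.customer_id IS NULL) AND (u.vendor_id = 0 OR u.vendor_id IS NULL)) ";

    if (isset($search['generic']) && $search['generic']) {
        // mysql_real_escape_string() does not neutralise the LIKE wildcards
        // '%' and '_', so a search term containing them would silently widen
        // the match. They are escaped here with an explicit ESCAPE character;
        // '|' is used instead of a backslash so the pattern does not depend on
        // the server's backslash-escape SQL mode.
        $term = str_replace(array('|', '%', '_'), array('||', '|%', '|_'), $search['generic']);
        $str = mysql_real_escape_string($term);
        $where .= " AND ( ";
        $where .= " u.name LIKE '%{$str}%' ESCAPE '|' OR ";
        $where .= " u.email LIKE '%{$str}%' ESCAPE '|' OR ";
        $where .= " u.phone LIKE '%{$str}%' ESCAPE '|' OR ";
        $where .= " u.mobile LIKE '%{$str}%' ESCAPE '|' ";
        $where .= ' ) ';
    }

    if (isset($search['customer_id']) && $search['customer_id']) {
        /*$str = mysql_real_escape_string($search['customer_id']);
        $where .= " AND u.customer_id = '$str'";
        $sql .= " , c.primary_user_id AS is_primary ";
        $from .= " LEFT JOIN `"._DB_PREFIX."customer` c ON u.customer_id = c.customer_id ";*/
        // Searching by customer is refused here: the base WHERE clause above
        // already excludes every user that has a customer_id.
        set_error('Bad usage of get_user() - please report this error.');
        return array();
    }

    if (isset($search['security_role_id']) && (int) $search['security_role_id'] > 0) {
        // The integer cast makes the value safe to embed without quotes.
        $role_id = (int) $search['security_role_id'];
        $from .= " LEFT JOIN `" . _DB_PREFIX . "user_role` ur ON u.user_id = ur.user_id";
        $where .= " AND ur.security_role_id = {$role_id}";
    }

    // $key comes from the fixed lists below, never from the caller, so it is
    // safe to interpolate as a column name.
    foreach (array('email') as $key) {
        if (isset($search[$key]) && $search[$key] !== '' && $search[$key] !== false) {
            // The value is used as a LIKE pattern without added wildcards, so
            // '%' and '_' supplied by the caller act as wildcards here.
            // NOTE(review): left unchanged because callers may rely on that - confirm.
            $str = mysql_real_escape_string($search[$key]);
            $where .= " AND u.`{$key}` LIKE '{$str}'";
        }
    }
    foreach (array('is_staff', 'split_hours') as $key) {
        if (isset($search[$key]) && $search[$key] !== '' && $search[$key] !== false) {
            $str = mysql_real_escape_string($search[$key]);
            $where .= " AND u.`{$key}` = '{$str}'";
        }
    }

    // The per-user access restriction is only added when the module_customer
    // class is already loaded (class_exists() is called without autoloading).
    // NOTE(review): the switch has no default branch, so an access level other
    // than the three listed adds no SQL restriction - confirm that is intended.
    if (class_exists('module_customer', false)) {
        switch (module_user::get_user_data_access()) {
            case _USER_ACCESS_ALL:
                // all user accounts.
                break;
            case _USER_ACCESS_ME:
                $where .= " AND u.`user_id` = " . (int) module_security::get_loggedin_id();
                break;
            case _USER_ACCESS_CONTACTS:
                // Together with the base filter (customer_id = 0 OR NULL)
                // this condition can match no rows.
                $where .= " AND u.`customer_id` > 0 ";
                break;
        }
        /*switch(module_customer::get_customer_data_access()){
            case _CUSTOMER_ACCESS_ALL:
                // all customers! so this means all jobs!
                break;
            case _CUSTOMER_ACCESS_CONTACTS:
            case _CUSTOMER_ACCESS_TASKS:
            case _CUSTOMER_ACCESS_STAFF:
                $valid_customer_ids = module_security::get_customer_restrictions();
                if(count($valid_customer_ids)){
                    $where .= " AND u.customer_id IN ( ";
                    foreach($valid_customer_ids as $valid_customer_id){
                        $where .= (int)$valid_customer_id.", ";
                    }
                    $where = rtrim($where,', ');
                    $where .= " )";
                }
        }*/
    }

    $group_order = ' GROUP BY u.user_id ORDER BY u.name'; // stop when multiple company sites have same region
    $sql = $sql . $from . $where . $group_order;

    if ($mysql) {
        // Raw result: filter_data_set() below is skipped on this path.
        return query($sql);
    }

    $result = qa($sql);
    module_security::filter_data_set("user", $result);
    return $result;
    // return get_multiple("user",$search,"user_id","fuzzy","name");
}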