/**
* Search users
* Static function.
*
* @param string search : search user by lastname, firstname or login
* @param string letter : search user by first lastname letter
* @param integer group : search user by group ID
* @param string order : order by fieldname (without suffix). default : lastname, firstname
* @param integer start : search start offset
* @param integer limit : search limit (default : 0 : unlimited)
* @param boolean activeOnly : return only active users (default : false)
* @param boolean returnObjects : return CMS_profile_user objects (default) or array of userId
* @return array(CMS_profile_user)
* @access public
*/
static function search($search = '', $letter = '', $group = '', $order = '', $direction = 'asc', $start = 0, $limit = 0, $activeOnly = false, $returnObjects = true, &$score = array())
{
$start = (int) $start;
$limit = (int) $limit;
$group = (int) $group;
$direction = in_array(io::strtolower($direction), array('asc', 'desc')) ? io::strtolower($direction) : 'asc';
$keywordsWhere = $letterWhere = $groupWhere = $orderBy = $orderClause = $idWhere = '';
$select = 'id_pru';
if (io::strpos($search, ':noroot:') !== false) {
$idWhere = " and id_pru != '" . ROOT_PROFILEUSER_ID . "'";
$search = trim(str_replace(':noroot:', '', $search));
}
if (io::substr($search, 0, 5) == 'user:'******'" . sensitiveIO::sanitizeSQLString(io::substr($search, 5)) . "'";
$search = '';
}
if (io::substr($search, 0, 6) == 'group:' && sensitiveIO::isPositiveInteger(io::substr($search, 6))) {
$group = io::substr($search, 6);
$search = '';
}
if ($search) {
//clean user keywords (never trust user input, user is evil)
$keyword = strtr($search, ",;", " ");
$words = array();
$words = array_map("trim", array_unique(explode(" ", io::strtolower($keyword))));
$cleanedWords = array();
foreach ($words as $aWord) {
if ($aWord && $aWord != '' && io::strlen($aWord) >= 3) {
$aWord = str_replace(array('%', '_'), array('\\%', '\\_'), $aWord);
if (htmlentities($aWord) != $aWord) {
$cleanedWords[] = htmlentities($aWord);
}
$cleanedWords[] = $aWord;
}
}
if (!$cleanedWords) {
//if no words after cleaning, return
return array();
}
foreach ($cleanedWords as $cleanedWord) {
$keywordsWhere .= $keywordsWhere ? " and " : '';
$keywordsWhere .= " (\n\t\t\t\t\tlastName_pru like '%" . sensitiveIO::sanitizeSQLString($cleanedWord) . "%'\n\t\t\t\t\tor firstName_pru like '%" . sensitiveIO::sanitizeSQLString($cleanedWord) . "%'\n\t\t\t\t\tor login_pru like '%" . sensitiveIO::sanitizeSQLString($cleanedWord) . "%'\n\t\t\t\t)";
}
$keywordsWhere = ' and ((' . $keywordsWhere . ')';
$select .= " , MATCH (lastName_pru, firstName_pru, login_pru) AGAINST ('" . sensitiveIO::sanitizeSQLString($search) . "') as m ";
$keywordsWhere .= " or MATCH (lastName_pru, firstName_pru, login_pru) AGAINST ('" . sensitiveIO::sanitizeSQLString($search) . "') )";
}
if ($letter && io::strlen($letter) === 1) {
$letterWhere = " and lastName_pru like '" . sensitiveIO::sanitizeSQLString($letter) . "%'";
}
if ($group) {
$groupUsers = CMS_profile_usersGroupsCatalog::getGroupUsers($group, false);
if (!$groupUsers) {
return array();
}
$groupWhere = " and id_pru in (" . implode(',', $groupUsers) . ")";
}
if ($order != 'score') {
if ($order) {
$found = false;
$sql = "DESCRIBE profilesUsers";
$q = new CMS_query($sql);
while ($field = $q->getValue('Field')) {
if ($field == $order . '_pru') {
$found = true;
}
}
if ($found) {
$orderBy = $order . '_pru';
} else {
$orderBy = 'lastName_pru,firstName_pru';
}
} else {
$orderBy = 'lastName_pru,firstName_pru';
}
if ($orderBy) {
$orderClause = "order by\n\t\t\t\t\t" . $orderBy . "\n\t\t\t\t\t" . $direction;
}
} elseif ($search) {
$orderClause = " order by m " . $direction;
}
$sql = "\n\t\t\tselect\n\t\t\t\t" . $select . "\n\t\t\tfrom\n\t\t\t\tprofilesUsers\n\t\t\twhere \n\t\t\t deleted_pru='0'\n\t\t\t" . ($activeOnly ? " and active_pru='1' " : '') . "\n\t\t\t" . $keywordsWhere . "\n\t\t\t" . $letterWhere . "\n\t\t\t" . $groupWhere . "\n\t\t\t" . $idWhere . "\n\t\t\t" . $orderClause . "\n\t\t";
if ($limit) {
$sql .= "limit \n\t\t\t\t" . $start . ", " . $limit;
}
$q = new CMS_query($sql);
//pr($sql);
//pr($q->getNumRows());
$users = array();
while ($r = $q->getArray()) {
$id = $r['id_pru'];
//set match score if exists
if (isset($r['m'])) {
$score[$id] = $r['m'];
}
if ($returnObjects) {
$usr = CMS_profile_usersCatalog::getByID($id);
if (is_a($usr, "CMS_profile_user") && !$usr->hasError()) {
if ($activeOnly && $usr->isActive() || !$activeOnly) {
$users[] = $usr;
}
}
} else {
$users[] = $id;
}
}
//pr($score);
return $users;
}
/**
* Get all selected recipients for the field
* @return array of usersIds which are recipients of the notification
* @access public
*/
private function _getRecipients($objectID)
{
$params = $this->getParamsValues();
$recipients = array();
if (isset($params['usersGroupsField']) && $params['usersGroupsField']) {
//instanciate related item
$item = CMS_poly_object_catalog::getObjectByID($objectID, false, true);
if (!is_object($item) || $item->hasError()) {
return $recipients;
}
//does selected field represent users or groups ?
$field = new CMS_poly_object_field($params['usersGroupsField']);
$isGroup = $field->getParameter('isGroup');
//get item field value
$ids = $item->objectValues($params['usersGroupsField'])->getValue('ids');
if (!$ids) {
return array();
}
//get users ids
if ($isGroup) {
foreach ($ids as $groupId) {
$usersIds = CMS_profile_usersGroupsCatalog::getGroupUsers($groupId, false);
foreach ($usersIds as $userId) {
$recipients[$userId] = $userId;
}
}
} else {
$recipients = $ids;
}
} else {
//get all active users ids
$allUsers = CMS_profile_usersCatalog::getAll(true, false, false);
//check if user is in included or excluded parameters lists
$selectedGroups = $params['disableGroups'] ? explode(';', $params['disableGroups']) : array();
$selectedUsers = $params['disableUsers'] ? explode(';', $params['disableUsers']) : array();
//check all users to see if it match selection parameters
foreach ($allUsers as $userId) {
if ($params['includeExclude']) {
//user must be in selected groups or users to get email
$userSelected = false;
if (is_array($selectedGroups) && $selectedGroups) {
foreach ($selectedGroups as $groupId) {
if (CMS_profile_usersGroupsCatalog::userBelongsToGroup($userId, $groupId)) {
$userSelected = true;
}
}
}
if (is_array($selectedUsers) && $selectedUsers && in_array($userId, $selectedUsers)) {
$userSelected = true;
}
} else {
//user must NOT be in selected groups or users to get email
$userSelected = true;
if (is_array($selectedGroups) && $selectedGroups) {
foreach ($selectedGroups as $groupId) {
if (CMS_profile_usersGroupsCatalog::userBelongsToGroup($userId, $groupId)) {
$userSelected = false;
}
}
}
if (is_array($selectedUsers) && $selectedUsers && in_array($userId, $selectedUsers)) {
$userSelected = false;
}
}
if ($userSelected) {
$recipients[] = $userId;
}
}
}
return $recipients;
}
$dir = sensitiveIO::request('dir');
$start = sensitiveIO::request('start', 'sensitiveIO::isPositiveInteger', 0);
$limit = sensitiveIO::request('limit', 'sensitiveIO::isPositiveInteger', CMS_session::getRecordsPerPage());
$filter = sensitiveIO::request('filter') ? true : false;
$withGroups = sensitiveIO::request('groups') ? true : false;
$withoutRoot = sensitiveIO::request('withoutroot') ? true : false;
$usersDatas = array();
$usersDatas['users'] = array();
if (!$cms_user->hasAdminClearance(CLEARANCE_ADMINISTRATION_EDITUSERS)) {
CMS_grandFather::raiseError('User has no users management rights ...');
$view->setContent($usersDatas);
$view->show();
}
//load group's users if any
if ($groupId) {
$groupUsers = CMS_profile_usersGroupsCatalog::getGroupUsers($groupId, false);
} else {
$groupUsers = array();
}
//remove root user from search
if ($withoutRoot) {
$search = ':noroot: ' . $search;
}
if ($groupId && $filter) {
//search users
$users = CMS_profile_usersCatalog::search($search, $letter, $groupId, $sort, $dir, $start, $limit);
} else {
//search users
$users = CMS_profile_usersCatalog::search($search, $letter, false, $sort, $dir, $start, $limit);
}
//loop over users to get all required infos
