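/**
 * Change the role ("status") of user $userid on behalf of the logged-in user $currUser.
 *
 * Only acting users whose role ID is "1" or "2" may change roles, and role "2"
 * may not grant role "1" or "2". Returns true on success, otherwise a
 * user-facing error message string.
 *
 * @param mixed $currUser ID of the acting (session) user
 * @param mixed $userid   ID of the user whose role is changed
 * @param mixed $newrole  target role ID, compared strictly as a string ("1".."4")
 * @return true|string
 */
function executeChange($currUser, $userid, $newrole)
{
    // Only the four known role IDs are accepted. The comparison is strict, so an
    // int 1 is rejected just as in the original; callers must pass strings.
    if (!in_array($newrole, ["1", "2", "3", "4"], true)) {
        return "Invalid status!";
    }

    $userDAO = new UserDAO();
    $userCurr = $userDAO->getUserByID($currUser); // current session user
    // The original dereferenced $userCurr without a null check, so a stale or
    // unknown session ID produced a fatal error instead of a denial. Fail closed.
    if ($userCurr === null) {
        return "You have no right to change user status!";
    }
    $currRoleID = $userCurr->getRole()->getRoleID();
    if ($currRoleID !== "1" && $currRoleID !== "2") {
        return "You have no right to change user status!";
    }

    $userChan = $userDAO->getUserByID($userid);
    if ($userChan === null) { // database lookup miss
        return "Could not find this user!";
    }
    if ($userChan->getRole()->getRoleID() === $newrole) {
        return "Old status is equal to new status, don't need to change!";
    }
    // Role "2" may not create privileged ("1"/"2") users.
    // NOTE(review): nothing here stops a role-"2" user from changing a role-"1"
    // user's role; confirm whether the target's current role should also be checked.
    if ($currRoleID === "2" && ($newrole === "1" || $newrole === "2")) {
        return "You have no right to set an advanced user.";
    }

    $roleDAO = new RoleDAO();
    $newroleObj = $roleDAO->getRoleByID($newrole);
    // The original passed a null role straight into setRole when the lookup failed.
    if ($newroleObj === null) {
        return "Invalid status!";
    }
    $userChan->setRole($newroleObj);
    // NOTE(review): updateUser's return value is not documented here, so it is
    // not checked; execSignup does check insertUser() === true.
    $userDAO->updateUser($userChan);
    return true;
}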
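/**
 * Register a new normal user.
 *
 * Each field is checked for emptiness and then with the file's isValid* helper,
 * in the original order so the first failing field's message is returned. The
 * username must be unused and the two password fields must match. Returns true
 * when the row was inserted, otherwise a user-facing error message string.
 *
 * @return true|string
 */
function execSignup($username, $password, $confirmpw, $firstname, $lastname, $gender)
{
    // Emptiness is tested with strict comparisons (null or "") rather than the
    // original loose `== ""`, which also treated false as empty.
    if ($username === null || $username === "" || !isValidUsername($username)) {
        return "Username is empty or invalid!";
    }
    if ($password === null || $password === "" || !isValidPassword($password)) {
        return "Password is empty or invalid!";
    }
    if ($confirmpw === null || $confirmpw === "" || !isValidPassword($confirmpw)) {
        return "Confirm Password is empty or invalid!";
    }
    if ($firstname === null || $firstname === "" || !isValidName($firstname)) {
        return "First Name is empty or invalid!";
    }
    if ($lastname === null || $lastname === "" || !isValidName($lastname)) {
        return "Last Name is empty or invalid!";
    }
    if ($gender === null || $gender === "" || !isValidGender($gender)) {
        return "Gender is empty or invalid!";
    }

    $userDAO = new UserDAO();
    // Refuse a username that is already taken.
    if ($userDAO->getUserByUsername($username) !== null) {
        return "Username exists, please change to another one!";
    }
    // Both values passed isValidPassword above, so a strict comparison is safe.
    if ($password !== $confirmpw) {
        return "Password and Confirm Password must be same!";
    }

    // Self-registered accounts always get the normal-user role (3) and the root
    // department (1); these are deliberately not taken from the caller.
    $roleDAO = new RoleDAO();
    $role = $roleDAO->getRoleByID(3); // normal user
    $departmentDAO = new DepartmentDAO();
    $depart = $departmentDAO->getDepartmentByID(1); // root department
    // The original constructed the User even when either lookup returned null.
    if ($role === null || $depart === null) {
        return "Insert user into table error, please contact administrator!";
    }

    // NOTE(review): encryptPassword is defined elsewhere — confirm it is a one-way
    // hash (password_hash) rather than reversible encryption.
    $encryptPW = encryptPassword($password);
    $photoURL = "photo/default.png";
    $user = new User($role, $depart, $username, $encryptPW, $firstname, $lastname, $gender, $photoURL);

    if ($userDAO->insertUser($user) === true) {
        return true;
    }
    return "Insert user into table error, please contact administrator!";
}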
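/**
 * Change $userID's role to $roleID on behalf of the acting user $adminID.
 *
 * Acting role 1 may assign any role; acting role 2 may assign any role except
 * 1 or 2; every other acting role is refused. Returns true on success or a
 * user-facing error message string. When the acting user has role 2 a
 * confirmation line is also echoed as HTML, as in the original.
 *
 * @return true|string
 */
function changeUserRole($adminID, $userID, $roleID)
{
    $userDAO = new UserDAO();
    $roleDAO = new RoleDAO();
    $admin = $userDAO->getUserByID($adminID);
    $user = $userDAO->getUserByID($userID);
    $role = $roleDAO->getRoleByID($roleID);

    // Fail closed: the original dereferenced $admin without a null check.
    if ($admin === null) {
        return "You do not have the right to change user role!";
    }
    if ($user === null) {
        return "User: " . $userID . " doesn't exist!";
    }
    if ($role === null) {
        // The original message interpolated $userID here; the missing value is the role ID.
        return "Role: " . $roleID . " doesn't exist!";
    }

    // Normalise IDs to strings once so every comparison below is strict; the
    // original mixed == and === and, in one place, called $roleID() as a function.
    $adminRoleID = (string) $admin->getRole()->getRoleID();
    $targetRoleID = (string) $roleID;

    // Only roles 1 and 2 may change roles. The original only excluded 0 and 3,
    // so any other acting role fell through and silently returned null.
    if ($adminRoleID !== "1" && $adminRoleID !== "2") {
        return "You do not have the right to change user role!";
    }
    if ((string) $user->getRole()->getRoleID() === $targetRoleID) {
        return "The role has already been set!";
    }
    // Role 2 may not grant privileged roles.
    // NOTE(review): a role-2 acting user may still change a role-1 user's role;
    // confirm whether the target's current role must be checked too.
    if ($adminRoleID === "2" && ($targetRoleID === "1" || $targetRoleID === "2")) {
        return "You do not have the right to change user role!";
    }

    $user->setRole($role);
    $userDAO->updateUser($user);

    if ($adminRoleID === "2") {
        // The username and role name come from the database and are written into
        // an HTML response, so they are escaped for that context. The "\\'s"
        // literal renders as \'s exactly as the original did.
        echo "<br>You have successfully changed "
            . htmlspecialchars((string) $user->getUsername(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            . "\\'s role to "
            . htmlspecialchars((string) $role->getRoleName(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
    return true;
}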