public function insertBestelling($id, $keuze)
{
$userDAO = new UserDAO();
$id = $userDAO->getByUserId($id);
$bestregDAO = new BestregDAO();
$bestel = $BestregDAO->insertBestreg($keuze);
}
function executeChange($currUser, $userid, $newrole)
{
if ($newrole !== "1" && $newrole !== "2" && $newrole !== "3" && $newrole !== "4") {
return "Invalid status!";
}
$userDAO = new UserDAO();
$userChan = $userDAO->getUserByID($userid);
$userCurr = $userDAO->getUserByID($currUser);
//get current session user
if ($userCurr->getRole()->getRoleID() !== "1" && $userCurr->getRole()->getRoleID() !== "2") {
return "You have no right to change user status!";
}
if ($userChan === null) {
//database
return "Could not find this user!";
}
if ($userChan->getRole()->getRoleID() === $newrole) {
//type
return "Old status is equal to new status, don't need to change!";
}
if ($userCurr->getRole()->getRoleID() === "2") {
if ($newrole === "1" || $newrole === "2") {
return "You have no right to set an advanced user.";
}
}
$roleDAO = new RoleDAO();
$newroleObj = $roleDAO->getRoleByID($newrole);
$userChan->setRole($newroleObj);
$userDAO->updateUser($userChan);
return true;
}
function execChangeProfile($firstname, $lastname, $sex, $departmentID)
{
if (!isValidName($firstname) || !isValidName($lastname)) {
return "Please enter valid names!";
}
if (!isValidID($departmentID)) {
return "Invalid department id!";
}
$departDAO = new DepartmentDAO();
$depart = $departDAO->getDepartmentByID($departmentID);
if ($depart === null) {
return "Could not find the depart!";
}
$userDAO = new UserDAO();
$user = $userDAO->getUserByID($_SESSION["userID"]);
$user->setDepartment($depart);
if ($user->getFirstName() != $firstname) {
$user->setFirstName($firstname);
}
if ($user->getLastName() != $lastname) {
$user->setLastName($lastname);
}
if ($user->getGender() != $sex) {
$user->setGender($sex);
}
if (isset($_FILES["uploadphoto"])) {
$ans = uploadPhoto($user, $_FILES["uploadphoto"]);
if ($ans !== true) {
return $ans;
}
}
$userDAO->updateUser($user);
return true;
}
function execute()
{
$user = json_decode($_GET['user']);
$dao = new UserDAO();
$user->id = $dao->create($user);
echo json_encode($user);
}
function executeChange($userID, $recordID, $newRecordStatus)
{
if ($newRecordStatus !== "1" && $newRecordStatus !== "2" && $newRecordStatus !== "3") {
return "Invalid status!";
}
$userDAO = new UserDAO();
$user = $userDAO->getUserByID($userID);
$recordDAO = new RecordDAO();
$record = $recordDAO->getRecordByID($recordID);
if ($record === null) {
return "Could not find this record!";
}
if ($record->getDisplayStatus() === $newRecordStatus) {
return "Old status is equal to new status, don't need to change!";
}
if ($user->getRole()->getRoleID() === "3") {
if ($record->getUser()->getUserID() !== $userID) {
return "You have no right to change group status!";
}
if ($newStatus === "3") {
return "You have no right to delete this record!";
}
}
if ($newRecordStatus !== "3") {
$record->setDisplayStatus($newRecordStatus);
$recordDAO->updateRecord($record);
// Do not have updateRecord function
} else {
$recordDAO->deleteRecord($record);
//Do not have this function
}
return true;
}
function verify()
{
if (isset($_GET["groupid"]) && isset($_GET["accept"])) {
$groupID = $_GET["groupid"];
if (!isValidID($groupID)) {
return;
}
$groupDAO = new GroupDAO();
$group = $groupDAO->getGroupByID($groupID);
if ($group === null) {
return;
}
$userDAO = new UserDAO();
$user = $userDAO->getUserByID($_SESSION["userID"]);
$gmDAO = new GroupMemberDAO();
$gm = $gmDAO->getGroupMember($group, $user);
if ($gm === null) {
return;
}
$status = $gm->getAcceptStatus();
if ($status == "1") {
return;
}
if ($_GET["accept"] == "1") {
$gm->setAcceptStatus("1");
$gmDAO->updateGroupMember($gm);
} elseif ($_GET["accept"] == "3") {
$gmDAO->deleteGroupMember($gm);
}
}
}
function execEditGroup($userID, $groupID, $checkedUser)
{
if (gettype($checkedUser) != "array") {
return "Wrong type of group member!";
}
$checkedUser[] = $userID;
$userDAO = new UserDAO();
$user = $userDAO->getUserByID($userID);
if (!isValidID($groupID)) {
return "Invalid group ID!";
}
$groupDAO = new GroupDAO();
$group = $groupDAO->getGroupByID($groupID);
if ($group === null) {
return "Group doesn't exist!";
}
if ($group->getOwner()->getUserID() !== $userID) {
return "You are not the owner of this group!";
}
$gmDAO = new GroupMemberDAO();
$gms = $gmDAO->getGroupMembersByGroup($group);
foreach ($gms as $gm) {
$alreadyUser = $gm->getUser();
if (in_array($alreadyUser->getUserID(), $checkedUser)) {
continue;
}
$gmDAO->deleteGroupMember($gm);
}
return true;
}
function testIsUserInDB()
{
$conn = $this->db->getConnection();
$udao = new UserDAO($this->logger, $this->db);
$this->assertTrue($udao->isUserInDB(930061));
$this->assertTrue(!$udao->isUserInDB(9.345465465465006E+16));
$this->db->closeConnection($conn);
}
function uploadFile($userID, $groupID, $file)
{
$userDAO = new UserDAO();
$user = $userDAO->getUserByID($userID);
if ($user->getRole()->getRoleID() == "4") {
return "This user was forbidden to upload file!";
}
if (!isValidID($groupID)) {
return "Group id is not valid!";
}
$groupDAO = new GroupDAO();
$group = $groupDAO->getGroupByID($groupID);
if ($group === null) {
return "Can not find this group!";
}
if ($group->getActivateStatus() === "2") {
return "Group is not activated!";
}
$groupMemberDAO = new GroupMemberDAO();
$groupMember = $groupMemberDAO->getGroupMember($group, $user);
if ($groupMember === null) {
return "User didn't belong to this group!";
}
if (gettype($file["error"]) == "array") {
return "Only accept one file!";
}
$res = isValidUploadFile($file["error"]);
if ($res !== true) {
return $res;
}
$fileType = -1;
$res = isValidImage($file["name"]);
if ($res === true) {
$fileType = "2";
}
$res = isValidFile($file["name"]);
if ($res === true) {
$fileType = "3";
}
if ($fileType === -1) {
return "Only accepts jpeg/jpg/gif/png/zip file!";
}
$record = new Record($group, $user, $fileType, "temp", "1");
$recordDAO = new RecordDAO();
$recordDAO->insertRecord($record);
$fileDir = "upload/";
$filePath = $fileDir . $record->getRecordID() . "_" . $file["name"];
$record->setContent($filePath);
$recordDAO->updateRecord($record);
if (file_exists($filePath)) {
unlink($filePath);
}
if (!move_uploaded_file($file['tmp_name'], $filePath)) {
return "Fail to move file, please contact administrator!";
}
return true;
}
public function validate($messageManager)
{
$field = $this->form->getField($this->fieldName);
$fieldValue = $field->getValue();
$userDAO = new UserDAO();
$userRecord = $userDAO->getRecordById($this->userId);
if ($userRecord['userPassword'] != $fieldValue) {
$messageManager->addMessage('invalidPassword', array($this->fieldName => $field->getCaption()));
}
}
public function controlUser($userName, $password)
{
$dao = new UserDAO();
$user = $dao->getByGebruikersnaam($userName);
if (isset($user) && $user->getWachtwoord() == $password) {
return true;
} else {
return false;
}
}
function testFetchInstanceUserInfo()
{
$tc = new TwitterCrawler($this->instance, $this->logger, $this->api, $this->db);
$tc->fetchInstanceUserInfo();
$udao = new UserDAO($this->db, $this->logger);
$user = $udao->getDetails(36823);
$this->assertTrue($user->id == 1);
$this->assertTrue($user->user_id == 36823);
$this->assertTrue($user->username == 'anildash');
$this->assertTrue($user->found_in == 'Owner Status');
}
public function validate($messageManager)
{
$field = $this->form->getField($this->fieldName);
$fieldValue = $field->getValue();
if ($fieldValue) {
$dao = new UserDAO();
if (!$dao->isActiveUser($fieldValue)) {
$messageManager->addMessage('userDoesNotExist', array($this->fieldName => $field->getCaption()));
}
}
}
function create()
{
$usr = new UserDAO();
$usr->setName($_POST['name']);
$usr->setAge($_POST['age']);
$model = new UserModel();
$res = $model->create($usr);
if ($res == 1) {
header("Location: " . SITE_URL . "/user/addnew/?e=1");
}
}
function __construct()
{
session_start();
if (isset($_SESSION[AppConstants::SESSION_USER]) === false) {
$_SESSION[AppConstants::SESSION_USER] = '';
$_SESSION[AppConstants::SESSION_PASSWORD] = '';
}
$user = $_SESSION[AppConstants::SESSION_USER];
$pass = $_SESSION[AppConstants::SESSION_PASSWORD];
$userDao = new UserDAO();
$this->_user_USR = $userDao->getUser($user, $pass);
}
/**
* Call
*/
public function call()
{
$jsonObject = $this->app->request()->headers()->get('Authorization');
$userAuth = json_decode($jsonObject);
$userDAO = new UserDAO();
if ($userAuth !== null && is_numeric($userAuth->id) && $userDAO->validateToken($userAuth->id, $userAuth->token)) {
$this->app->authenticated = true;
} else {
$this->app->authenticated = false;
}
$this->next->call();
}
public function searchQuery($queryTitle)
{
$dao = new QueryDAO();
$queryId = $dao->getQueryIdByQueryTitle($queryTitle);
if ($queryId != -1) {
$this->result = $dao->getQueryById($queryId);
} else {
$this->result = -1;
}
$uid = getUID();
$udao = new UserDAO();
$this->result = ListQueriesController::filterQueries($this->result, $udao->selectUserById($uid));
}
public function getUserInfoModel($userid)
{
try {
$userDAO = new UserDAO();
$personDTO = $userDAO->getUserInfo($userid);
return $personDTO;
} catch (PDOException $pdoe) {
throw $pdoe;
} catch (UserNotAuthenticatedExceptionDTO $authExp) {
throw $authExp;
} catch (Exception $e) {
throw $e;
}
}
public function validate($messageManager)
{
$userId = $this->form->getField('userId')->getValue();
if (!empty($userId)) {
$userDAO = new UserDAO();
$user = $userDAO->getRecordById($userId);
if (empty($user['id'])) {
$messageManager->addMessage('errorInvalidUserId');
}
if ($user['userState'] != 'active') {
$messageManager->addMessage('errorUserInactive');
}
}
}
/**
* Returns unique instance of this DAO.
* @return unique instance of this DAO.
*/
public static function getInstance()
{
if (self::$instance == null) {
self::$instance = new UserDAO();
}
return self::$instance;
}
public function executeNew(sfWebRequest $request)
{
if ($request->getMethod() != "POST") {
return;
}
$this->username = $request->getPostParameter("username");
if (!$this->username) {
return $this->setErrorMsg("Username is a required field!");
}
$this->user = UserDAO::getUser($this->username);
if ($this->user) {
return $this->setErrorMsg("That username is already in use!");
}
$this->password1 = $request->getPostParameter("password1");
$this->password2 = $request->getPostParameter("password2");
if (!$this->password1 || !$this->password2) {
return $this->setErrorMsg("Password is a required field");
}
if ($this->password1 != $this->password2) {
return $this->setErrorMsg("Password and password confirm must match!");
}
$this->email = $request->getPostParameter("email");
$this->user = UserDAO::createUser($this->username, $this->password1, $this->email);
$this->login($this->user);
$this->redirect("dashboard/index");
}
protected function handleRequest()
{
$this->errorMessageContainer = $this->form->getValidationResults();
if (!$this->errorMessageContainer->isAnyErrorMessage()) {
$userEmail = $this->form->getField('userEmail')->getValue();
$record = $this->dao->getActiveUserByEmail($userEmail);
if ($record['userState'] != 'active') {
$this->errorMessageContainer->addMessage('errorInvalidUserEmail');
} else {
$record['userPasswordChangeCode'] = $this->dao->getNewPasswordChangeCode($record);
$this->dao->save($record);
$this->sendPasswordRecoveryEmail($record);
$this->redirectAddress = CoreServices2::getUrl()->getCurrentPageUrl('_sm', 'SendLink');
}
}
}
public function execute()
{
if (!isset($_SESSION)) {
session_start();
}
if ($_REQUEST["email"] == "") {
$_REQUEST["field_messages"]["warning"] = "Vous n'avez pas entrez votre email.";
return "index";
}
$user = UserDAO::find($_REQUEST["email"]);
/*if ($user->getIsActivate() == 0)
{
$_REQUEST["field_messages"]["warning"] = "Votre email n'a pas été confirmé.";
return "index";
}*/
if ($user == null) {
$_REQUEST["field_messages"]["error"] = "Utilisateur inexistant.";
return "index";
}
//$hash = loadHashByUsername($_REQUEST["email"]);
if (password_verify($_REQUEST["password"], $user->getPassword())) {
$_SESSION['online']['email'] = $user->getEmail();
$_REQUEST["field_messages"]["success"] = "Vous êtes maintenant connecté!";
return "index";
} else {
$_REQUEST["field_messages"]["warning"] = "Mot de passe incorrect.";
return "index";
}
}
public function validate($messageManager)
{
parent::validate($messageManager);
if (!$messageManager->isAnyErrorMessage()) {
$recordId = $this->form->getField($this->idFieldName)->getValue();
$field = $this->form->getField($this->fieldName);
$fieldValue = $field->getValue();
if (empty($recordId) || $fieldValue != $this->oldValue) {
if (!empty($fieldValue)) {
$dao = new UserDAO();
if ($dao->isRegisteredUser($fieldValue)) {
$messageManager->addMessage('userEmailAlreadyRegistered', array($this->fieldName => $field->getCaption()));
}
}
}
}
}
function searchResourceModel($searchCriteriaForm)
{
$formObjRaw = new FormDTO(SEARCH_USER_FORM, $searchCriteriaForm);
$responseDTO = new ResponseDTO(SEARCH_USER_FORM);
try {
$formDataObj = $formObjRaw->getFormData();
$userDAO = new UserDAO();
$userDTOList = $userDAO->getUserInfoByCriteria($formDataObj);
return $userDTOList;
} catch (PDOException $pdoe) {
throw $pdoe;
} catch (UserNotAuthenticatedExceptionDTO $authExp) {
throw $authExp;
} catch (Exception $e) {
throw $e;
}
}
public function authenticateUser()
{
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header($_SERVER['SERVER_PROTOCOL'] . ' 401 Unauthorized');
header('WWW-Authenticate: Basic realm="REST API of wallas"');
die('This operation requires authentication');
} else {
$userDAO = new UserDAO();
if ($userDAO->isValidUser($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
return new \User($_SERVER['PHP_AUTH_USER']);
} else {
header($_SERVER['SERVER_PROTOCOL'] . ' 401 Unauthorized');
header('WWW-Authenticate: Basic realm="REST API of wallas"');
die('The username/password is not valid');
}
}
}
public function checkUser($username, $password)
{
$count = 0;
$userDAO = new UserDAO();
$lijst = $userDAO->getAll();
foreach ($lijst as $user) {
if ($user->getUsername() == $username && $user->getPassword() == $password) {
$count++;
}
}
if ($count >= 1) {
$_SESSION["topSecret"] = "access granted";
} else {
$_SESSION["topSecret"] = "access denied";
echo "FALSE username and/or password";
}
}
function execSignup($username, $password, $confirmpw, $firstname, $lastname, $gender)
{
if ($username == "" || !isValidUsername($username)) {
return "Username is empty or invalid!";
}
if ($password == "" || !isValidPassword($password)) {
return "Password is empty or invalid!";
}
if ($confirmpw == "" || !isValidPassword($confirmpw)) {
return "Confirm Password is empty or invalid!";
}
if ($firstname == "" || !isValidName($firstname)) {
return "First Name is empty or invalid!";
}
if ($lastname == "" || !isValidName($lastname)) {
return "Last Name is empty or invalid!";
}
if ($gender == "" || !isValidGender($gender)) {
return "Gender is empty or invalid!";
}
$userDAO = new UserDAO();
//verify username exist
$result = $userDAO->getUserByUsername($username);
if ($result !== null) {
return "Username exists, please change to another one!";
}
//verify $password == $confirmpw
if ($password != $confirmpw) {
return "Password and Confirm Password must be same!";
}
$roleDAO = new RoleDAO();
$role = $roleDAO->getRoleByID(3);
//normal user
$departmentDAO = new DepartmentDAO();
$depart = $departmentDAO->getDepartmentByID(1);
//root department
$encryptPW = encryptPassword($password);
$photoURL = "photo/default.png";
$user = new User($role, $depart, $username, $encryptPW, $firstname, $lastname, $gender, $photoURL);
if ($userDAO->insertUser($user) === true) {
return true;
} else {
return "Insert user into table error, please contact administrator!";
}
}
/**
* Override default validation
* @see Phreezable::Validate()
*/
public function Validate()
{
// example of custom validation
// $this->ResetValidationErrors();
// $errors = $this->GetValidationErrors();
// if ($error == true) $this->AddValidationError('FieldName', 'Error Information');
// return !$this->HasValidationErrors();
return parent::Validate();
}
public static function controleerGebruiker($gebruikersnaam, $wachtwoord)
{
$user = UserDAO::getByGebruikersnaam($gebruikersnaam);
if (isset($user) && $user->getWachtwoord() == $wachtwoord) {
return true;
} else {
return false;
}
}
