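/**
 * Authenticate a user by e-mail address and password and assemble the login
 * context (user, group, permissions, owning entity, modules).
 *
 * Flow: look the user up by e-mail, verify the supplied password against the
 * stored password_hash() value, load the user's group row, attach the group's
 * permissions (everything except 'View Reports'), then load the entity the
 * group belongs to: an extractive company when the group carries a TPIN,
 * otherwise a government entity selected by the group's entityID.
 *
 * All SQL is parameterised; the TPIN / entityID lookups are bound rather than
 * interpolated into the query text.
 *
 * @param string $email    E-mail address supplied by the caller (untrusted).
 * @param string $password Clear-text password supplied by the caller (untrusted).
 *
 * @return object stdClass with 'success' => bool. On success it also carries
 *                'user', 'group', 'entity' and 'modules'; on a rejected
 *                credential it carries 'message'; on an internal failure it
 *                carries 'exception'.
 */
public function login($email, $password)
{
    try {
        $conn = $this->getConnection();

        // Step 1: user row plus password hash, keyed on e-mail only. The password
        // is never sent to the database; it is checked with password_verify().
        $sql = "SELECT u.userID AS ID, u.name, u.username, u.emailAddress AS email, u.position, u.celNumber AS cell, up.password, u.role, gg.entityID, eg.TPIN, ug.groupID "
            . "FROM user u "
            . "INNER JOIN user_groups ug ON u.userID = ug.userID "
            . "INNER JOIN user_password up ON u.userID = up.userID "
            . "LEFT JOIN goventity_groups gg ON ug.groupID = gg.groupID "
            . "LEFT JOIN extractivecomp_groups eg ON ug.groupID = eg.groupID "
            . "WHERE u.emailAddress = :email";
        $query = $conn->prepare($sql);
        $query->bindValue(":email", $email, PDO::PARAM_STR);

        if (!$query->execute()) {
            return (object) ['success' => false, 'exception' => 'Could not login. Internal error occurred.'];
        }

        $row = $query->fetch(PDO::FETCH_OBJ);

        // When the e-mail is unknown, still run one hash computation so that
        // the response time does not reveal whether the address exists.
        $storedHash = ($row !== false) ? (string) $row->password : password_hash('', PASSWORD_DEFAULT);
        if ($row === false || !password_verify($password, $storedHash)) {
            //ZP::log('Failed Login Attempt', 'Email Address: '.$email, NULL, $_SESSION['module_number']);
            // Same message for "no such user" and "wrong password" (no enumeration).
            return (object) ['success' => false, 'message' => 'Invalid email and/or password'];
        }

        $user = new User($row);
        $userID = $user->getID();

        // Step 2: the user's group, with the entity links it may carry.
        $sql = "SELECT g.name, eg.TPIN, ge.entityID, g.groupID "
            . "FROM `group` g "
            . "INNER JOIN user_groups ug ON g.groupID = ug.groupID "
            . "LEFT JOIN goventity_groups ge ON g.groupID = ge.groupID "
            . "LEFT JOIN extractivecomp_groups eg ON g.groupID = eg.groupID "
            . "WHERE ug.userID = :userID";
        $query = $conn->prepare($sql);
        $query->bindValue(":userID", $userID, PDO::PARAM_INT);
        $query->setFetchMode(PDO::FETCH_OBJ);
        $query->execute();
        $groupRow = $query->fetch();

        // The first query INNER JOINs user_groups, so a row is expected here;
        // guard anyway instead of letting a property write on `false` blow up.
        if ($groupRow === false) {
            return (object) ['success' => false, 'exception' => 'Could not login. Internal error occurred.'];
        }

        // Step 3: permissions granted through the group ('View Reports' excluded).
        $sql = "SELECT p.permissionID, p.name "
            . "FROM permissions p "
            . "INNER JOIN group_permissions gp ON p.permissionID = gp.permissionID "
            . "INNER JOIN user_groups ug ON gp.groupID = ug.groupID "
            . "WHERE ug.userID = :userID AND p.name != 'View Reports';";
        $query = $conn->prepare($sql);
        $query->bindValue(":userID", $userID, PDO::PARAM_INT);
        $query->setFetchMode(PDO::FETCH_OBJ);
        $query->execute();
        $groupRow->permissions = $query->fetchAll();
        $group = new Group($groupRow);

        // Step 4: the owning entity. A TPIN marks an extractive-company group;
        // otherwise the group belongs to a government entity.
        if (!is_null($group->getTPIN())) {
            $entity = $this->loadExtractiveCompanyForLogin($conn, $group->getTPIN());
        } else {
            $entity = $this->loadGovernmentEntityForLogin($conn, $group->getEntityID());
        }

        return (object) [
            'success' => true,
            'user'    => $user,
            'group'   => $group,
            'entity'  => $entity,
            'modules' => $this->createModules($group->getPermissions()),
        ];
    } catch (\PDOException $e) {
        // NOTE(review): the raw PDOException (driver message, possibly the SQL
        // text) is handed back to the caller. If this result is serialised to
        // the client it leaks schema details; callers should log $e and emit
        // a generic message instead.
        return (object) ['success' => false, 'exception' => $e];
    }
}

/**
 * Load the extractive company identified by $TPIN together with its template IDs.
 *
 * @param \PDO  $conn Open database connection.
 * @param mixed $TPIN Tax PIN read from the group row (bound, never interpolated).
 *
 * @return ExtractiveCompany
 */
private function loadExtractiveCompanyForLogin($conn, $TPIN)
{
    $sql = "SELECT ec.companyName AS name, ec.dateOfEstablishment AS date, ec.TPIN AS id, ec.contactAddress AS address, "
        . "ec.companyCapital AS capital, ec.primaryBusiness AS `primary`, ec.secondaryBusiness AS `secondary` "
        . "FROM extractivecompany ec "
        . "INNER JOIN extractivecomp_groups eg ON ec.TPIN = eg.TPIN "
        . "WHERE eg.TPIN = :tpin;";
    $stmt = $conn->prepare($sql);
    $stmt->bindValue(":tpin", $TPIN, PDO::PARAM_STR);
    $stmt->setFetchMode(PDO::FETCH_OBJ);
    $stmt->execute();
    $entity = new ExtractiveCompany($stmt->fetch());

    $stmt = $conn->prepare("SELECT et.templateID FROM extractivecomp_templates et WHERE et.TPIN = :tpin;");
    $stmt->bindValue(":tpin", $TPIN, PDO::PARAM_STR);
    $stmt->execute();
    $entity->setTemplates($stmt->fetchAll(PDO::FETCH_OBJ));

    return $entity;
}

/**
 * Load the government entity identified by $entityID together with its template IDs.
 *
 * @param \PDO  $conn     Open database connection.
 * @param mixed $entityID Entity ID read from the group row (bound, never interpolated).
 *
 * @return GovernmentEntity
 */
private function loadGovernmentEntityForLogin($conn, $entityID)
{
    $sql = "SELECT ge.entityName AS name, ge.dateOfEstablishment AS date, ge.entityID AS id, ge.contactAddress AS address "
        . "FROM governmententity ge "
        . "INNER JOIN goventity_groups gg ON ge.entityID = gg.entityID "
        . "WHERE gg.entityID = :entityID;";
    $stmt = $conn->prepare($sql);
    $stmt->bindValue(":entityID", $entityID, PDO::PARAM_INT);
    $stmt->setFetchMode(PDO::FETCH_OBJ);
    $stmt->execute();
    $entity = new GovernmentEntity($stmt->fetch());

    $stmt = $conn->prepare("SELECT et.templateID FROM goventity_templates et WHERE et.entityID = :entityID;");
    $stmt->bindValue(":entityID", $entityID, PDO::PARAM_INT);
    $stmt->execute();
    $entity->setTemplates($stmt->fetchAll(PDO::FETCH_OBJ));

    return $entity;
}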
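/**
 * Create or rename a group, attach its permissions and link it to the entity
 * that owns it, all inside one transaction.
 *
 * Validation happens before the transaction is opened, and every failure
 * path rolls back, so the connection is never left with a dangling
 * transaction. The entity-link inserts bind groupID / entityID / TPIN as
 * parameters instead of interpolating request-derived values into SQL.
 *
 * @param mixed $group Group data as accepted by the Group constructor
 *                     (request-supplied, untrusted).
 *
 * @return mixed On success the result of $this->getEntities(); otherwise an
 *               array with 'success' => false and either 'errors' (validation)
 *               or 'exception' (database / helper failure).
 */
public function addGroup($group)
{
    $conn = $this->getConnection();

    try {
        $group = new Group($group);
        if (count($group->getErrors()) > 0) {
            // Validated before beginTransaction(), so nothing to roll back.
            return ['success' => false, 'errors' => $group->getErrors()];
        }

        $conn->beginTransaction();

        // Upsert the group row; LAST_INSERT_ID(groupID) makes lastInsertId()
        // return the existing ID on the update path as well.
        $sql = "INSERT INTO `group` (groupID, name) "
            . "VALUES (:groupID, :name) "
            . "ON DUPLICATE KEY UPDATE name = VALUES(name), "
            . "groupID=LAST_INSERT_ID(groupID);";
        $query = $conn->prepare($sql);
        $query->bindValue(":groupID", $group->getGroupID(), PDO::PARAM_INT);
        $query->bindValue(":name", $group->getName(), PDO::PARAM_STR);

        if (!$query->execute()) {
            $conn->rollBack();
            return ['success' => false, 'exception' => "Internal error occurred. Group could not be added."];
        }

        $insertID = $conn->lastInsertId();
        $result = $this->addGroupPermissions($insertID, $group->getPermissions());
        $group->setGroupID($insertID);

        if (!$result["success"]) {
            $conn->rollBack();
            return ["success" => false, "exception" => $result["exception"]];
        }

        // Link the group to its owner: an entityID means a government entity,
        // otherwise the group belongs to an extractive company by TPIN.
        if (!is_null($group->getEntityID())) {
            $sql = "INSERT INTO goventity_groups (groupID, entityID) "
                . "VALUES (:groupID, :entityID) "
                . "ON DUPLICATE KEY UPDATE groupID = groupID;";
            $stmt = $conn->prepare($sql);
            $stmt->bindValue(":groupID", $insertID, PDO::PARAM_INT);
            $stmt->bindValue(":entityID", $group->getEntityID(), PDO::PARAM_INT);
        } else {
            $sql = "INSERT INTO extractivecomp_groups (groupID, TPIN) "
                . "VALUES (:groupID, :TPIN) "
                . "ON DUPLICATE KEY UPDATE groupID = groupID;";
            $stmt = $conn->prepare($sql);
            $stmt->bindValue(":groupID", $insertID, PDO::PARAM_INT);
            $stmt->bindValue(":TPIN", $group->getTPIN(), PDO::PARAM_STR);
        }

        if (!$stmt->execute()) {
            $conn->rollBack();
            return ['success' => false, 'exception' => "Internal error occurred. Group could not be added."];
        }

        $conn->commit();
        ZP::log('Add Group', json_encode($group), $_SESSION['user']->getID(), $_SESSION['module_number']);

        return $this->getEntities();
    } catch (\PDOException $e) {
        // rollBack() itself throws when no transaction is active (e.g. the
        // failure happened before beginTransaction()), so check first.
        if ($conn->inTransaction()) {
            $conn->rollBack();
        }
        // NOTE(review): the raw PDOException is returned to the caller; if it
        // reaches the client it exposes driver/schema details.
        return ['success' => false, 'exception' => $e];
    }
}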