예제 #1
파일: 20.php 프로젝트: fignew/xibo-cms
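 /**
  * Upgrade step: gives every existing user a user-specific group.
  *
  * Reads every row of `user`, creates a group named after the user, links the
  * user to that new group and then links the user to the group already stored
  * in user.groupID.
  *
  * Failures are reported through reportError(). Whether reportError() halts
  * the script is not visible here, so the code below does not rely on it.
  */
 private function UpdateUserGroups()
 {
     $db =& $this->db;

     // Get all the current users in the system
     $SQL = "SELECT UserID, groupID, UserName FROM `user`";

     if (!($result = $db->query($SQL))) {
         reportError('20.php', "Error creating user groups" . $db->error());
         // Without a result set there is nothing to iterate over.
         return;
     }

     while ($row = $db->get_assoc_row($result)) {
         $userID = Kit::ValidateParam($row['UserID'], _INT);
         $groupID = Kit::ValidateParam($row['groupID'], _INT);
         $username = Kit::ValidateParam($row['UserName'], _STRING);

         $ug = new UserGroup($db);

         // For each user create a user specific group
         // (second argument 1: presumably the IsUserSpecific flag - confirm against UserGroup::Add)
         if ($ugId = $ug->Add($username, 1)) {
             $ug->Link($ugId, $userID);
         } else {
             // Do not link a failed (falsy) group id to the user.
             reportError('20.php', "Error creating user groups" . $db->error());
         }

         // Keep the membership the user already had
         $ug->Link($groupID, $userID);
     }
 }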
예제 #2
 /**
  * Looks up the user-specific group of a user.
  *
  * Side effect: when the query finds no user-specific group, one is created
  * (named via getNameFromID()) and linked to the user, so this "getter" can
  * write to the database.
  *
  * @param int  $id       User id; formatted with %d, i.e. coerced to an integer
  * @param bool $returnID true to return the group id instead of the group name
  * @return mixed Group name or group id of the existing group; for a group
  *               created here, the new group id or the literal 'Unknown'
  */
 function getGroupFromID($id, $returnID = false)
 {
     $db =& $this->db;

     // The only variable part of the statement is $id, and %d reduces it to an
     // integer, so no quoting or escaping is involved.
     $SQL = "SELECT group.group, "
         . "       group.groupID "
         . "FROM   `user` "
         . "       INNER JOIN lkusergroup "
         . "       ON     lkusergroup.UserID = user.UserID "
         . "       INNER JOIN `group` "
         . "       ON     group.groupID       = lkusergroup.GroupID "
         . sprintf("WHERE  `user`.userid                     = %d ", $id)
         . "AND    `group`.IsUserSpecific = 1";

     if (!($results = $db->query($SQL))) {
         trigger_error($db->error());
         trigger_error("Error looking up user information (group)", E_USER_ERROR);
     }

     // Normal case: the user already has a user-specific group.
     if ($db->num_rows($results) != 0) {
         $groupRow = $db->get_row($results);

         // Column 0 is group.group (the name), column 1 is group.groupID.
         return $returnID ? $groupRow[1] : $groupRow[0];
     }

     // Every user should have a group, so add one and link the two.
     Kit::ClassLoader('usergroup');
     $userGroup = new UserGroup($db);

     $newGroupId = $userGroup->Add($this->getNameFromID($id), 1);

     if (!$newGroupId) {
         trigger_error(__('User does not have a group and we are unable to add one.'), E_USER_ERROR);
     }

     $userGroup->Link($newGroupId, $id);

     return $returnID ? $newGroupId : 'Unknown';
 }
예제 #3
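 /**
  * Sets the members of a group from the submitted form.
  *
  * Reads GroupID from the request and the UserID list from POST, unlinks the
  * users currently in the group that are absent from that list and links the
  * listed users that are not members yet.
  *
  * NOTE(review): this handler contains no Kit::CheckToken() call and no check
  * that the session may edit the group or the listed users - confirm that both
  * are enforced before this method is reached.
  *
  * @return void The outcome is sent through ResponseManager::Respond()
  */
 public function SetMembers()
 {
     $db =& $this->db;
     $response = new ResponseManager();
     $groupObject = new UserGroup($db);

     $groupID = Kit::GetParam('GroupID', _REQUEST, _INT);

     // The posted ids are untrusted. Reduce each one to an integer before it is
     // compared or handed to Link(), and drop repeats so no id is linked twice.
     $users = array();
     foreach (Kit::GetParam('UserID', _POST, _ARRAY, array()) as $postedId) {
         $users[] = (int) Kit::ValidateParam($postedId, _INT);
     }
     $users = array_unique($users);

     $members = array();

     // Users in group (%d coerces the group id to an integer)
     $SQL = "";
     $SQL .= "SELECT user.UserID, ";
     $SQL .= "       user.UserName ";
     $SQL .= "FROM   `user` ";
     $SQL .= "       INNER JOIN lkusergroup ";
     $SQL .= "       ON     lkusergroup.UserID = user.UserID ";
     $SQL .= sprintf("WHERE  lkusergroup.GroupID   = %d", $groupID);

     if (!($resultIn = $db->query($SQL))) {
         trigger_error($db->error());
         // Raised as E_USER_ERROR like the other failures in this method: without
         // the current member list the unlink pass below cannot run correctly.
         trigger_error(__('Error getting Users'), E_USER_ERROR);
     }

     while ($row = $db->get_assoc_row($resultIn)) {
         // Test whether this ID is in the array or not
         $userID = (int) Kit::ValidateParam($row['UserID'], _INT);

         // Strict comparison: both sides are integers at this point.
         if (!in_array($userID, $users, true)) {
             // Currently assigned but not in the submitted $users array,
             // so we unassign
             if (!$groupObject->Unlink($groupID, $userID)) {
                 trigger_error($groupObject->GetErrorMessage(), E_USER_ERROR);
             }
         } else {
             $members[] = $userID;
         }
     }

     foreach ($users as $userID) {
         // Add any that are missing
         if (!in_array($userID, $members, true)) {
             if (!$groupObject->Link($groupID, $userID)) {
                 trigger_error($groupObject->GetErrorMessage(), E_USER_ERROR);
             }
         }
     }

     $response->SetFormSubmitResponse(__('Group membership set'), false);
     $response->Respond();
 }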
예제 #4
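 /**
  * Adds a user.
  *
  * Validates the name and password, inserts the user row with prepared
  * statements, creates the user-specific group and links the user to it and to
  * the initial group. Errors are recorded on the object and reported as a
  * false return.
  *
  * NOTE(review): a failure after the INSERT leaves the new user row in place;
  * no transaction or clean-up is visible in this method.
  *
  * @param string $password       Plain-text password as submitted
  * @param int    $initialGroupId Group the new user is linked to in addition
  *                               to the user-specific group
  * @return bool true on success, false when validation or a database step fails
  */
 public function add($password, $initialGroupId)
 {
     // Validation
     if ($this->userName == '' || strlen($this->userName) > 50) {
         return $this->SetError(__('User name must be between 1 and 50 characters.'));
     }

     if ($password == '') {
         return $this->SetError(__('Please enter a Password.'));
     }

     if ($this->homePage == '') {
         $this->homePage = "dashboard";
     }

     // Test the password
     if (!$this->testPasswordAgainstPolicy($password)) {
         return false;
     }

     try {
         $dbh = PDOConnect::init();

         // Check for duplicate user name.
         // NOTE(review): check-then-insert is not atomic; two concurrent requests
         // can both pass this test. Confirm a unique index on UserName backs it up.
         $sth = $dbh->prepare('SELECT UserName FROM `user` WHERE UserName = :userName');
         $sth->execute(array('userName' => $this->userName));

         $results = $sth->fetchAll();

         if (count($results) > 0) {
             $this->ThrowError(__('There is already a user with this name. Please choose another.'));
         }

         // Ready to enter the user into the database.
         // NOTE(review): unsalted MD5 is not suitable for password storage. Moving
         // to password_hash()/password_verify() has to be done together with the
         // login check and a migration of stored hashes, so it is flagged here
         // rather than changed in this method alone.
         $password = md5($password);

         // Run the INSERT statement
         $SQL = 'INSERT INTO user (UserName, UserPassword, usertypeid, email, homepage)
                  VALUES (:userName, :password, :userTypeId, :email, :homePage)';

         $insertSth = $dbh->prepare($SQL);
         $insertSth->execute(array(
             'userName' => $this->userName,
             'password' => $password,
             'userTypeId' => $this->userTypeId,
             'email' => $this->email,
             'homePage' => $this->homePage
         ));

         // Get the ID of the record we just inserted
         $this->userId = $dbh->lastInsertId();

         // Add the user group
         $userGroupObject = new UserGroup();
         $groupId = $userGroupObject->Add($this->userName, 1);

         // A falsy id means the group was not created: report it instead of
         // linking the user to a non-existent group and returning true.
         // ThrowError() presumably raises the exception handled below - confirm.
         if (!$groupId) {
             $this->ThrowError($userGroupObject->GetErrorMessage());
         }

         // Link them
         $userGroupObject->Link($groupId, $this->userId);

         // Link the initial group
         $userGroupObject->Link($initialGroupId, $this->userId);

         return true;
     } catch (Exception $e) {
         Debug::Error($e->getMessage());

         if (!$this->IsError()) {
             $this->SetError(1, __('Unknown Error'));
         }

         return false;
     }
 }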
예제 #5
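 /**
  * Handles the "add user" form post.
  *
  * Checks the form token, reads the user fields from POST, enforces the
  * password policy, rejects duplicate user names, inserts the user row,
  * creates the user-specific group and links the user to it and to the
  * initial group.
  *
  * Every string that reaches SQL is passed through $db->escape_string() and
  * the user type id is formatted with %d, so posted values cannot change the
  * structure of either statement.
  *
  * @return void The outcome is sent through ResponseManager::Respond()
  */
 function AddUser()
 {
     // Check the token
     if (!Kit::CheckToken()) {
         trigger_error('Token does not match', E_USER_ERROR);
     }

     $db =& $this->db;
     $response = new ResponseManager();

     $username = Kit::GetParam('username', _POST, _STRING);
     $password = Kit::GetParam('password', _POST, _STRING);
     $email = Kit::GetParam('email', _POST, _STRING);
     $usertypeid = Kit::GetParam('usertypeid', _POST, _INT);
     $homepage = Kit::GetParam('homepage', _POST, _STRING);
     $initialGroupId = Kit::GetParam('groupid', _POST, _INT);

     // Validation
     if ($username == "") {
         trigger_error("Please enter a User Name.", E_USER_ERROR);
     }

     if ($password == "") {
         trigger_error("Please enter a Password.", E_USER_ERROR);
     }

     if ($homepage == "") {
         $homepage = "dashboard";
     }

     // Test the password
     Kit::ClassLoader('userdata');
     $userData = new Userdata($db);

     if (!$userData->TestPasswordAgainstPolicy($password)) {
         trigger_error($userData->GetErrorMessage(), E_USER_ERROR);
     }

     // Check for duplicate user name. The format string needs the '%s'
     // placeholder for the escaped name; without it the query compares against
     // a fixed literal and never finds a duplicate.
     $sqlcheck = sprintf("SELECT UserName FROM user WHERE UserName = '%s'", $db->escape_string($username));

     if (!($sqlcheckresult = $db->query($sqlcheck))) {
         trigger_error($db->error());
         trigger_error("Cant get this user's name. Please try another.", E_USER_ERROR);
     }

     if ($db->num_rows($sqlcheckresult) != 0) {
         trigger_error("Could Not Complete, Duplicate User Name Exists", E_USER_ERROR);
     }

     // Ready to enter the user into the database.
     // NOTE(review): unsalted MD5 is not suitable for password storage. Moving
     // to password_hash()/password_verify() has to be done together with the
     // login check and a migration of stored hashes, so it is flagged here
     // rather than changed in this method alone.
     $password = md5($password);

     // Run the INSERT statement. Posted strings are escaped, not interpolated raw.
     $query = sprintf(
         "INSERT INTO user (UserName, UserPassword, usertypeid, email, homepage)"
         . " VALUES ('%s', '%s', %d, '%s', '%s')",
         $db->escape_string($username),
         $db->escape_string($password),
         $usertypeid,
         $db->escape_string($email),
         $db->escape_string($homepage)
     );

     if (!($id = $db->insert_query($query))) {
         trigger_error($db->error());
         trigger_error("Error adding that user", E_USER_ERROR);
     }

     // Add the user group
     $userGroupObject = new UserGroup($db);

     if (!($groupID = $userGroupObject->Add($username, 1))) {
         // We really want to delete the new user...
         //TODO: Delete the new user
         // And then error
         trigger_error($userGroupObject->GetErrorMessage(), E_USER_ERROR);
     }

     $userGroupObject->Link($groupID, $id);

     // Link the initial group
     $userGroupObject->Link($initialGroupId, $id);

     $response->SetFormSubmitResponse('User Saved.');
     $response->Respond();
 }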
예제 #6
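 /**
  * Sets the members of a group from the submitted form.
  *
  * The UI posts the list of users in the "assign" column. Users assigned to
  * the group but absent from that list are unlinked, and listed users that are
  * not assigned yet are linked. Both passes are limited to the users returned
  * by $this->user->userList(), which the code treats as the set this session
  * has access to.
  *
  * NOTE(review): this handler contains no Kit::CheckToken() call - confirm
  * that the form token is verified before this method is reached.
  *
  * @return void The outcome is sent through ResponseManager::Respond()
  */
 public function SetMembers()
 {
     $db =& $this->db;
     $response = new ResponseManager();
     $groupObject = new UserGroup($db);

     $groupId = Kit::GetParam('GroupID', _REQUEST, _INT);

     // The posted ids are untrusted. Reduce each one to an integer before it is
     // compared or handed to Link(), and drop repeats so no id is handled twice.
     $users = array();
     foreach (Kit::GetParam('UserID', _POST, _ARRAY, array()) as $postedId) {
         $users[] = (int) Kit::ValidateParam($postedId, _INT);
     }
     $users = array_unique($users);

     // All users that this session has access to
     if (!($allUsers = $this->user->userList())) {
         trigger_error(__('Error getting all users'), E_USER_ERROR);
     }

     // Convert to an array of integer ID's so the comparisons below can be strict
     $allUserIds = array_map(function ($array) {
         return (int) $array['userid'];
     }, $allUsers);

     // Users in group
     $usersAssigned = UserData::entries(null, array('groupIds' => array($groupId)));

     Debug::Audit('All userIds we want to assign: ' . var_export($users, true));
     Debug::Audit('All userIds we have access to: ' . var_export($allUserIds, true));

     foreach ($usersAssigned as $user) {
         /* @var Userdata $user */
         $assignedId = (int) $user->userId;

         // Did this session have permission to do anything to this user?
         // If not, move on
         if (!in_array($assignedId, $allUserIds, true)) {
             continue;
         }

         Debug::Audit('Logged in user has permission to make changes to this assigned user ' . $user->userId);

         // Is this user in the provided list of users?
         $key = array_search($assignedId, $users, true);

         if ($key !== false) {
             // This user is already assigned, so we remove it from the $users array
             Debug::Audit('This user is already assigned ' . $user->userId);
             unset($users[$key]);
         } else {
             Debug::Audit('This user is assigned, but not in the list of assignments ' . $user->userId);

             // It isn't therefore needs to be removed
             if (!$groupObject->Unlink($groupId, $user->userId)) {
                 trigger_error($groupObject->GetErrorMessage(), E_USER_ERROR);
             }
         }
     }

     Debug::Audit('All userIds we want to assign after sorting: ' . var_export($users, true));

     // Add any users that are still missing after the assignment process
     foreach ($users as $userId) {
         // Apply the same access rule as the unlink pass: a posted id outside the
         // session's user list is not linked.
         if (!in_array($userId, $allUserIds, true)) {
             Debug::Audit('Logged in user has no access to this user, not linking them: ' . $userId);
             continue;
         }

         Debug::Audit('User was missing, linking them: ' . $userId);

         // Add any that are missing
         if (!$groupObject->Link($groupId, $userId)) {
             trigger_error($groupObject->GetErrorMessage(), E_USER_ERROR);
         }
     }

     $response->SetFormSubmitResponse(__('Group membership set'), false);
     $response->Respond();
 }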