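/**
 * Change the role ("status") of user $userid on behalf of the logged-in user $currUser.
 *
 * Role IDs are handled as strings throughout ("1" and "2" are the roles allowed to act,
 * "3" and "4" are the remaining assignable roles, judging by the checks below). Comparisons
 * are strict, so an integer role ID is rejected as "Invalid status!" exactly as before.
 *
 * Authorisation rules: only actors with role "1" or "2" may change roles; an actor with
 * role "2" may neither grant role "1"/"2" nor modify an account that already holds one
 * of those roles (the latter guard is new — without it a "2" could demote an admin).
 *
 * @param mixed $currUser ID of the acting (session) user
 * @param mixed $userid   ID of the user whose role is being changed
 * @param mixed $newrole  Target role ID as a string: "1", "2", "3" or "4"
 * @return true|string    true on success, otherwise a human-readable error message
 */
function executeChange($currUser, $userid, $newrole)
{
    // Allow-list the requested role before touching the database.
    if (!in_array($newrole, ["1", "2", "3", "4"], true)) {
        return "Invalid status!";
    }
    $userDAO = new UserDAO();
    // get current session user; fail closed if the session points at a missing account
    // (the original dereferenced $userCurr without a null check)
    $userCurr = $userDAO->getUserByID($currUser);
    if ($userCurr === null) {
        return "You have no right to change user status!";
    }
    $currRole = $userCurr->getRole()->getRoleID();
    if ($currRole !== "1" && $currRole !== "2") {
        return "You have no right to change user status!";
    }
    $userChan = $userDAO->getUserByID($userid);
    if ($userChan === null) {
        // database: no such target user
        return "Could not find this user!";
    }
    $oldRole = $userChan->getRole()->getRoleID();
    if ($oldRole === $newrole) {
        // type: nothing to do
        return "Old status is equal to new status, don't need to change!";
    }
    if ($currRole === "2") {
        // A "2"-level actor may not grant privileged roles ...
        if ($newrole === "1" || $newrole === "2") {
            return "You have no right to set an advanced user.";
        }
        // ... nor change an account that already holds one.
        if ($oldRole === "1" || $oldRole === "2") {
            return "You have no right to change user status!";
        }
    }
    $roleDAO = new RoleDAO();
    $newroleObj = $roleDAO->getRoleByID($newrole);
    if ($newroleObj === null) {
        // the allow-list above should make this unreachable; guard anyway so setRole()
        // never receives null
        return "Invalid status!";
    }
    $userChan->setRole($newroleObj);
    $userDAO->updateUser($userChan);
    return true;
}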
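/**
 * Register a new user account.
 *
 * All fields are validated before the database is touched; the first failing check wins
 * and its message is returned. New accounts get role ID 3 and department ID 1 (the
 * original comments call these "normal user" and "root department") and the default photo.
 *
 * @param mixed $username
 * @param mixed $password
 * @param mixed $confirmpw  must be identical (byte-for-byte) to $password
 * @param mixed $firstname
 * @param mixed $lastname
 * @param mixed $gender
 * @return true|string true on success, otherwise a human-readable error message
 */
function execSignup($username, $password, $confirmpw, $firstname, $lastname, $gender)
{
    if (_signupBlank($username) || !isValidUsername($username)) {
        return "Username is empty or invalid!";
    }
    if (_signupBlank($password) || !isValidPassword($password)) {
        return "Password is empty or invalid!";
    }
    if (_signupBlank($confirmpw) || !isValidPassword($confirmpw)) {
        return "Confirm Password is empty or invalid!";
    }
    if (_signupBlank($firstname) || !isValidName($firstname)) {
        return "First Name is empty or invalid!";
    }
    if (_signupBlank($lastname) || !isValidName($lastname)) {
        return "Last Name is empty or invalid!";
    }
    if (_signupBlank($gender) || !isValidGender($gender)) {
        return "Gender is empty or invalid!";
    }
    // verify $password === $confirmpw, strictly: with the original `!=` two numeric
    // strings such as "1e3" and "1000" compare equal and the confirmation silently passes.
    // Done before the username lookup so no database round-trip is spent on bad input.
    if ($password !== $confirmpw) {
        return "Password and Confirm Password must be same!";
    }
    $userDAO = new UserDAO();
    // verify username exist
    if ($userDAO->getUserByUsername($username) !== null) {
        return "Username exists, please change to another one!";
    }
    $roleDAO = new RoleDAO();
    $role = $roleDAO->getRoleByID(3); // normal user — assumes role 3 exists, TODO confirm
    $departmentDAO = new DepartmentDAO();
    $depart = $departmentDAO->getDepartmentByID(1); // root department — assumes department 1 exists, TODO confirm
    $encryptPW = encryptPassword($password);
    $photoURL = "photo/default.png";
    $user = new User($role, $depart, $username, $encryptPW, $firstname, $lastname, $gender, $photoURL);
    if ($userDAO->insertUser($user) === true) {
        return true;
    }
    return "Insert user into table error, please contact administrator!";
}

/**
 * True when a form field is missing or empty.
 *
 * Replaces the original loose `$field == ""` test with the explicit set of values that
 * test actually matched for form input (null, '' and false); "0" is a non-empty value.
 */
function _signupBlank($value): bool
{
    return $value === null || $value === '' || $value === false;
}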
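/**
 * Change $userID's role to $roleID on behalf of $adminID.
 *
 * Authorisation follows the original checks: actors with role 0 or 3 may not change
 * roles, role 1 may set any role, role 2 may set any role except 1 and 2. Two guards are
 * new: the acting account must exist (the original dereferenced it unchecked), and a
 * role-2 actor may not touch an account that already holds role 1 or 2 (the original let
 * it demote an administrator). Any other actor role is refused instead of falling
 * through with no change and a null return.
 *
 * Role IDs are normalised to strings before comparison because the original mixed
 * `==` and `===`, and the DAO may return them as int or string — TODO confirm the type.
 *
 * Fixes carried over from the original body: the "User: ... doesn't exist!" message was
 * syntactically broken, the "Role:" message printed $userID instead of $roleID,
 * `$admin->getRoleID()` bypassed getRole(), `$roleID() == 2` called the ID as a function,
 * the role-1 path returned null, and the success echo emitted the raw username (HTML
 * injection) and a literal backslash before "'s".
 *
 * @return true|string true on success, otherwise a human-readable error message
 */
function changeUserRole($adminID, $userID, $roleID)
{
    $userDAO = new UserDAO();
    $roleDAO = new RoleDAO();
    $admin = $userDAO->getUserByID($adminID);
    $user = $userDAO->getUserByID($userID);
    $role = $roleDAO->getRoleByID($roleID);
    if ($admin === null) {
        // fail closed when the acting account cannot be loaded
        return "You do not have the right to change user role!";
    }
    if ($user === null) {
        return "User: " . $userID . " doesn't exist!";
    }
    if ($role === null) {
        return "Role: " . $roleID . " doesn't exist!";
    }
    $adminRole = (string) $admin->getRole()->getRoleID();
    $currentRole = (string) $user->getRole()->getRoleID();
    $targetRole = (string) $roleID;
    if ($adminRole === "0" || $adminRole === "3") {
        return "You do not have the right to change user role!";
    }
    if ($currentRole === $targetRole) {
        return "The role has already been set!";
    }
    if ($adminRole === "2") {
        // a role-2 actor may neither grant nor revoke the privileged roles 1 and 2
        if (in_array($targetRole, ["1", "2"], true) || in_array($currentRole, ["1", "2"], true)) {
            return "You do not have the right to change user role!";
        }
    } elseif ($adminRole !== "1") {
        // unhandled actor role: refuse rather than silently do nothing
        return "You do not have the right to change user role!";
    }
    $user->setRole($role);
    $userDAO->updateUser($user);
    if ($adminRole === "2") {
        // original behaviour: only the role-2 path prints a confirmation; escape the
        // user-controlled username and the role name for the HTML context
        echo "<br>You have successfully changed "
            . htmlspecialchars((string) $user->getUsername(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            . "'s role to "
            . htmlspecialchars((string) $role->getRoleName(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
    return true;
}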