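function buildListUsers()
{
    //Build the users of the selected list: the existing members and the pending invitations, each with its own
    //pagination, optional search and per-row role / remove controls. The result is an HTML fragment.
    //Input: $_POST['listId'] (required, numeric), optional $_POST['searchFor'] ('listUsers' or 'pendingListUsers')
    //together with $_POST['searchVal'], and $_SESSION['userId'] for the caller's own list role.
    //Returns the HTML string, or when MODE == 'buildListUsers' stores it in $returnThis['output'] and hands off
    //to returnData(). A caller below Manager (listRoleId 3) triggers an Adrlist_CustomException, which is caught
    //here; the exception constructor is presumed to record the user/debug message (not visible in this file).
    //Every value echoed into the markup (names, emails, list name, search term) is passed through
    //htmlspecialchars so stored or submitted text cannot break out of the HTML; if the database already holds
    //HTML-escaped text this would double-encode, so confirm at the write side.
    global $debug, $message, $success, $Dbc, $returnThis;
    $output = '';
    try {
        if (empty($_POST['listId'])) {
            throw new Adrlist_CustomException('', '$_POST[\'listId\'] is empty.');
        } elseif (!is_numeric($_POST['listId'])) {
            throw new Adrlist_CustomException('', '$_POST[\'listId\'] is not numeric.');
        }
        $listId = $_POST['listId'];
        //Attribute-safe copy for the HTML attributes built below.
        $listIdAttr = htmlspecialchars($listId, ENT_QUOTES, 'UTF-8');
        //Get the user's list role.
        $listInfo = getListInfo($_SESSION['userId'], $listId);
        if ($listInfo === false || $listInfo['listRoleId'] < 3) {
            //The user must be a Manager (3) or higher to view list users.
            throw new Adrlist_CustomException("Your role does not allow you to edit this list.", '');
        }
        $listNameHtml = htmlspecialchars($listInfo['listName'], ENT_QUOTES, 'UTF-8');
        //Select the existing users; the second placeholder excludes the caller from the listing.
        $listUsersCountSql = "SELECT\n\tCOUNT(users.userId) AS 'count'\nFROM\n\tusers\nJOIN\n\tuserListSettings ON userListSettings.userId = users.userId AND\n\tuserListSettings.listId = ?\nWHERE\n\tusers.userId != ?";
        $listUsersSql = "SELECT\n\tusers.userId AS 'userId',\n\tCONCAT_WS(' ',users.firstName,users.lastName) AS 'name',\n\tusers.primaryEmail AS 'primaryEmail',\n\tuserListSettings.listRoleId AS 'listRoleId',\n\tuserListSettings.dateAdded AS 'dateAdded'\nFROM\n\tusers\nJOIN\n\tuserListSettings ON userListSettings.userId = users.userId AND\n\tuserListSettings.listId = ?\nWHERE\n\tusers.userId != ?";
        /*GROUP BY
        	users.primaryEmail*/
        $listUsersEndSql = "\nORDER BY\n\tCONCAT_WS(' ',users.firstName,users.lastName), users.primaryEmail";
        //Select the users with pending invitations.
        $pendingUsersCountSql = "SELECT\n\tCOUNT(email) AS 'count'\nFROM\n\tinvitations\nWHERE\n\tlistId = ? AND\n\trespondDate IS NULL AND\n\temail NOT IN (SELECT users.primaryEmail FROM users)";
        $pendingUsersSql = "SELECT\n\tinvitationId AS 'invitationId',\n\temail AS 'email',\n\tlistRoleId AS 'listRoleId',\n\tsentDate AS 'sentDate',\n\tsenderId AS 'senderId'\nFROM\n\tinvitations\nWHERE\n\tlistId = ? AND\n\trespondDate IS NULL AND\n\temail NOT IN (SELECT users.primaryEmail FROM users)";
        $pendingUsersEndSql = "\nORDER BY\n\temail";
        //Optional search term. It must be a plain string: an array value in $_POST would break trim() and the echo below.
        //The term is bound as a LIKE parameter; '%' and '_' inside it keep their wildcard meaning, as before.
        $hasSearch = !empty($_POST['searchVal']) && is_string($_POST['searchVal']) && !empty($_POST['searchFor']);
        $searchVal = $hasSearch ? '%' . trim($_POST['searchVal']) . '%' : '';
        $searchListUsers = $hasSearch && $_POST['searchFor'] == 'listUsers';
        $searchPendingListUsers = $hasSearch && $_POST['searchFor'] == 'pendingListUsers';
        if ($searchListUsers) {
            $listUsersSearchSql = " AND\n\t(users.firstName LIKE ? || users.lastName LIKE ? || users.primaryEmail LIKE ?)";
            $listUsersSql .= $listUsersSearchSql . $listUsersEndSql;
            $listUsersCountSql .= $listUsersSearchSql;
            $listUsersParams = array($listId, $_SESSION['userId'], $searchVal, $searchVal, $searchVal);
        } else {
            $listUsersSql .= $listUsersEndSql;
            $listUsersParams = array($listId, $_SESSION['userId']);
        }
        if ($searchPendingListUsers) {
            $pendingUsersSearchSql = " AND\nemail LIKE ?";
            $pendingUsersSql .= $pendingUsersSearchSql . $pendingUsersEndSql;
            $pendingUsersCountSql .= $pendingUsersSearchSql;
            $pendingUsersParams = array($listId, $searchVal);
        } else {
            $pendingUsersSql .= $pendingUsersEndSql;
            $pendingUsersParams = array($listId);
        }
        //Count first so the pagination knows the total, then run the paged query.
        $listUsersCountStmt = $Dbc->prepare($listUsersCountSql);
        $listUsersCountStmt->execute($listUsersParams);
        $row = $listUsersCountStmt->fetch(PDO::FETCH_ASSOC);
        $itemCount = $row === false ? 0 : $row['count'];
        $pagination = new Adrlist_Pagination('buildListUsers', 'listUsers', $itemCount, 'Search Users', $searchListUsers);
        $pagination->addSearchParameters(array('listId' => $listId, 'searchFor' => 'listUsers'));
        list($offset, $limit) = $pagination->offsetLimit();
        //offset/limit come from the pagination object, not the request; %d keeps the LIMIT clause purely numeric anyway.
        $listUsersStmt = $Dbc->prepare($listUsersSql . sprintf(' LIMIT %d, %d', $offset, $limit));
        $listUsersStmt->execute($listUsersParams);
        $pendingUsersCountStmt = $Dbc->prepare($pendingUsersCountSql);
        $pendingUsersCountStmt->execute($pendingUsersParams);
        $row = $pendingUsersCountStmt->fetch(PDO::FETCH_ASSOC);
        $itemCount = $row === false ? 0 : $row['count'];
        $pendingPagination = new Adrlist_Pagination('buildListUsers', 'pendingListUsers', $itemCount, 'Search Pending Users', $searchPendingListUsers);
        $pendingPagination->addSearchParameters(array('listId' => $listId, 'searchFor' => 'pendingListUsers'));
        list($pendingOffset, $pendingLimit) = $pendingPagination->offsetLimit();
        $pendingUsersStmt = $Dbc->prepare($pendingUsersSql . sprintf(' LIMIT %d, %d', $pendingOffset, $pendingLimit));
        $pendingUsersStmt->execute($pendingUsersParams);
        //Existing list users: one visible row (name, date) plus a hidden row with the role/remove controls.
        $listUsersCount = 0;
        $listUsersArray = array();
        $listUsersHiddenRow = array();
        while ($row = $listUsersStmt->fetch(PDO::FETCH_ASSOC)) {
            $listUsersCount++;
            $userId = $row['userId'];
            $name = '<button class="ui-btn ui-mini ui-btn-icon-right ui-icon-carat-r ui-btn-inline ui-corner-all" toggle="existingUser' . $userId . '">' . htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8') . '</button>';
            $date = $row['dateAdded'] != '0000-00-00 00:00:00' ? Adrlist_Time::utcToLocal($row['dateAdded']) : 'n/a';
            $listUsersArray[$userId] = array($name, $date);
            //The user rowActions.
            $userActions = '';
            if ($listInfo['listRoleId'] <= 3 && $row['listRoleId'] >= 3) {
                //List managers cannot change the role of managers or owners.
                $role = role($row['listRoleId']);
            } else {
                $additionalAttributes = array('class' => 'changeListRole', 'userId' => $userId, 'listId' => $listId);
                $role = buildRoles('changeListRole' . $userId, $row['listRoleId'], array(0, 1, 2, 3), $additionalAttributes);
            }
            if ($listInfo['listRoleId'] >= 3) {
                $userActions .= '<div class="ui-field-contain"><label for="existingRole' . $userId . '">List Role ' . faqLink(24) . '</label>' . $role . '</div>';
                //Managers may only remove members below manager level; an owner (4) may remove anyone.
                if ($row['listRoleId'] < 3 || $listInfo['listRoleId'] == 4) {
                    $userActions .= '<button class="removeUserFromList ui-btn ui-btn-inline ui-corner-all ui-mini" listId="' . $listIdAttr . '" userId="' . $userId . '" listName="' . $listNameHtml . '"><i class="fa fa-times" ></i>Remove User</button>';
                }
            }
            $listUsersHiddenRow[$userId] = array('existingUser' . $userId, $userActions);
        }
        //Build pending list users.
        $pendingListUsersCount = 0;
        $pendingUsersArray = array();
        $pendingUsersHiddenRow = array();
        while ($pendingRow = $pendingUsersStmt->fetch(PDO::FETCH_ASSOC)) {
            $pendingListUsersCount++;
            $invitationId = $pendingRow['invitationId'];
            $name = '<button class="ui-btn ui-mini ui-btn-icon-right ui-icon-carat-r ui-btn-inline ui-corner-all" toggle="pendingUser' . $invitationId . '">' . htmlspecialchars($pendingRow['email'], ENT_QUOTES, 'UTF-8') . '</button>';
            $sentDate = $pendingRow['sentDate'] != '0000-00-00 00:00:00' ? Adrlist_Time::utcToLocal($pendingRow['sentDate']) : 'n/a';
            $pendingUsersArray[$invitationId] = array($name, $sentDate);
            //The pending list user rowActions.
            $userActions = '';
            if ($listInfo['listRoleId'] == 3 && $pendingRow['listRoleId'] >= 3) {
                //Managers cannot change the role of other managers.
                $role = role($pendingRow['listRoleId']);
            } else {
                $additionalAttributes = array('class' => 'changePendingRole', 'invitationId' => $invitationId, 'adrtype' => 'list', 'typeid' => $listId);
                $role = buildRoles('', $pendingRow['listRoleId'], array(0, 1, 2, 3), $additionalAttributes);
            }
            if ($listInfo['listRoleId'] >= 3) {
                $userActions .= '<div class="ui-field-contain"><label for="pendingRole' . $invitationId . '">List Role ' . faqLink(24) . '</label>' . $role . '</div>
<button adrType="list" class="removeInvitation ui-btn ui-btn-inline ui-corner-all ui-mini" invitationId="' . $invitationId . '" typeId="' . $listIdAttr . '"><i class="fa fa-times" ></i>Remove User</button>';
            }
            $pendingUsersHiddenRow[$invitationId] = array('pendingUser' . $invitationId, $userActions);
        }
        //Build list users.
        $output .= '<div class="textCenter textLarge">
	<i class="fa fa-file-o" ></i><span class="bold">' . $listNameHtml . '</span> Users
</div>';
        if (empty($listUsersCount)) {
            pdoError(__LINE__, $listUsersStmt, $listUsersParams, true);
            $output .= '<div class="break red" style="padding:5px 0px 10px 0px;">
	There are no users.
</div>';
        }
        if ($searchListUsers) {
            $results = intThis($listUsersCount);
            $output .= '<div class="break red">';
            $output .= $results == 1 ? $results . ' result' : $results . ' results';
            $output .= ' for "' . htmlspecialchars($_POST['searchVal'], ENT_QUOTES, 'UTF-8') . '".</div>';
        }
        $listUsersTitleArray = array(array('Name'), array('Shared On', 1));
        $buildListUsers = new Adrlist_BuildRows('existingListUsers', $listUsersTitleArray, $listUsersArray);
        $buildListUsers->addHiddenRows($listUsersHiddenRow);
        $output .= $pagination->output('listUsersViewOptions') . $buildListUsers->output();
        $output .= '<div class="hr3" style="margin:2em 0;"></div>';
        //Build pending users.
        $output .= '<div class="break textCenter textLarge" style="margin:1em 0 0 0">
	Pending Users
</div>';
        if (empty($pendingListUsersCount)) {
            pdoError(__LINE__, $pendingUsersStmt, $pendingUsersParams, true);
            $output .= '<div class="break red" style="padding:5px 0px 10px 0px;">
	There are no pending users.
</div>';
        }
        if ($searchPendingListUsers) {
            $results = intThis($pendingListUsersCount);
            $output .= '<div class="break red">';
            $output .= $results == 1 ? $results . ' result' : $results . ' results';
            $output .= ' for "' . htmlspecialchars($_POST['searchVal'], ENT_QUOTES, 'UTF-8') . '".</div>';
        }
        $pendingUsersTitleArray = array(array('Pending User'), array('Shared On', 1));
        $buildPendingUsers = new Adrlist_BuildRows('pendingListUsers', $pendingUsersTitleArray, $pendingUsersArray);
        $buildPendingUsers->addHiddenRows($pendingUsersHiddenRow);
        $output .= $pendingPagination->output('pendingListUsersViewOptions') . $buildPendingUsers->output();
        if (MODE == 'buildListUsers') {
            $success = true;
            $returnThis['output'] = $output;
        }
    } catch (Adrlist_CustomException $e) {
        //Nothing to do here: the messages were handed to the exception when it was thrown.
    } catch (PDOException $e) {
        error(__LINE__, '', '<pre>' . $e . '</pre>');
    }
    if (MODE == 'buildListUsers') {
        returnData();
    } else {
        return $output;
    }
}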
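function buildInvitation()
{
    //Build the invitation section: a folder picker listing the folders where the current user holds
    //folderRoleId 2 or higher, followed by the invite form. Reads $_SESSION['userId'], $_SESSION['firstName']
    //and $_SESSION['lastName']; returns the HTML string. On a database error the problem is reported through
    //error()/pdoError() and only the section title is returned.
    global $debug, $message, $success, $Dbc;
    $output = '<ul class="break">
		<li class="sectionTitle">Invite a new user</li>
	</ul>
';
    //A user will only ever have a site role of None, Read, or Site Admin, which equate to Blocked, Allowed, and Site Admin.
    //See if the user is linked to any folder accounts.
    //The query runs as a prepared statement on the shared $Dbc connection (the same handle the other builders use)
    //so the userId is bound instead of being spliced into the SQL. The LEFT JOIN is kept as written even though the
    //WHERE clause on userFolderSettings makes it behave like an inner join.
    $foldersQuery = "SELECT\n\tfolders.folderName AS 'folderName',\n\tfolders.folderId AS 'folderId'\nFROM\n\tfolders\nLEFT JOIN\n\tuserFolderSettings ON userFolderSettings.folderId = folders.folderId AND\n\t(userFolderSettings.folderRoleId >= '2')\nWHERE\n\tuserFolderSettings.userId = ?\nORDER BY\n\tfolders.folderName";
    $foldersParams = array($_SESSION['userId']);
    try {
        $foldersStmt = $Dbc->prepare($foldersQuery);
        $foldersStmt->execute($foldersParams);
        $folderRows = $foldersStmt->fetchAll(PDO::FETCH_ASSOC);
        if (count($folderRows) == 0) {
            $output .= '<span class="red">You must be a Folder Manager or Owner to send invitations.</span>';
            $debug->add("The users isn't linked to any folders.");
        } else {
            $folders = '<select id="invitationFolder">
<option value="">Select a folder:</option>';
            foreach ($folderRows as $row) {
                //Folder names are user-entered text, so escape them before they land in the option body.
                $folders .= '<option value="' . $row['folderId'] . '">' . htmlspecialchars($row['folderName'], ENT_QUOTES, 'UTF-8') . '</option>
';
            }
            $folders .= '</select><span class="red" id="responseInvitationFolder" style="padding:0px 0px 0px 10px"></span>
';
            //The sender's name is shown inside the message preview; escape it like any other stored text.
            $senderName = htmlspecialchars($_SESSION['firstName'] . ' ' . $_SESSION['lastName'], ENT_QUOTES, 'UTF-8');
            $output .= 'Invite someone to share your lists with. Once they create an account you\'ll see their name in the "Folders" section. The user\'s account will be linked to your folder and you can set their list roles. You can always remove the user later.
		<div style="padding:10px 0px 0px 0px">
			<div class="break">
				<div class="invitationLeft">Folder:&nbsp;</div>
				<div class="invitationRight">' . $folders . '</div>
			</div>
			<div class="break">
				<div class="invitationLeft">Folder Role:&nbsp;</div>
				<div class="invitationRight"><select id="invitationFolderRole">
						<option value="0">None</option>
						<option value="1" selected="selected">Read</option>
						<option value="3">Account Admin</option>
					</select> <img alt="" class="question top" height="16" qid="24" onClick="" src="' . LINKIMAGES . '/question.png" width="16"></div>
			</div>
			<div class="hide" id="invitationListHolder">
				<div class="break">
					<div class="invitationLeft">ADR List:&nbsp;</div>
					<div class="invitationRight" id="returnInvitationLists"></div>
				</div>
				<div class="break">
					<div class="invitationLeft">ADR List Role:&nbsp;</div>
					<div class="invitationRight">' . buildRoles('invitationListRole', 1) . faqLink(24) . '</div>
				</div>
			</div>
			<div class="break">
				<div class="invitationLeft">Recipient\'s Email:&nbsp;</div>
				<div class="invitationRight"><input autocapitalize="off" autocorrect="off" id="invitationToAddress" type="email" size="25"> <span class="red" id="invitationToAddressResponse"></span></div>
			</div>
			<div class="break">
				<div class="invitationLeft">Message:&nbsp;</div>
				<div class="invitationRight italic">' . $senderName . ' has shared an ADR list with you. To accept this invitation click the link below:<br>
<textarea id="invitationMessage" style="width:500px">(optional personal message here)</textarea></div>
			</div>
			<div class="break">
				<div class="invitationLeft">&nbsp;</div>
				<div class="left" id="sendInvitationButton" onClick=""><img alt="" class="link middle" height="24" src="' . LINKIMAGES . '/send.png" width="24"><span class="linkPadding middle">Send</span> <span class="middle red" id="invitationResponse" style="padding:0px 10px 0px 0px"></span></div>
				<div class="left" id="viewInvitationsTrigger" onClick=""><div id="viewInvitationsShow"><img alt="" class="link middle" height="24" src="' . LINKIMAGES . '/mailDown.png" width="24"><span class="linkPadding middle">Show Invitations</span></div><div class="hide" id="viewInvitationsHide" onClick=""><img alt="" class="link middle" height="24" src="' . LINKIMAGES . '/mailUp.png" width="24"><span class="linkPadding middle">Hide Invitations</span></div> <span class="middle red" id="viewInvitationsResponse"></span></div>
			</div>
		</div>
		<div id="viewInvitationsHolder" style="display:none"></div>';
        }
    } catch (PDOException $e) {
        //Same reporting shape as the other builders: the exception text for the debug output plus the failed query.
        error(__LINE__, '', '<pre>' . $e . '</pre>');
        pdoError(__LINE__, $foldersQuery, '$foldersQuery');
    }
    return $output;
}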
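function viewUserRole()
{
    //Build the role overview for one user as HTML: the site-role radio buttons, the folder roles and the
    //list roles. Reads $_POST['userId'] (cast to int). Returns the HTML string, or when MODE == 'updateSiteRole'
    //stores it in $returnThis['returnCode'] and hands off to returnData(). Database errors are reported through
    //error() and an empty string is returned.
    //NOTE(review): the MODE value 'updateSiteRole' and the 'returnCode' key look copied from the update handler
    //(buildListUsers uses 'output'); confirm against the caller before relying on them.
    //$returnThis must be declared global here, otherwise the assignment below lands in a local and is lost.
    global $debug, $message, $success, $Dbc, $returnThis;
    $output = '';
    if (isset($_POST['userId'])) {
        $userId = intval($_POST['userId']);
        try {
            //Site role: one radio group per userSiteSettings row (normally a single row).
            $viewUserSiteRoleStmt = $Dbc->prepare("SELECT\n\tsiteRoleId AS 'siteRoleId'\nFROM\n\tuserSiteSettings\nWHERE\n\tuserId = ?");
            $viewUserSiteRoleParams = array($userId);
            $viewUserSiteRoleStmt->execute($viewUserSiteRoleParams);
            $foundRows = false;
            $userSiteRoleRow = '';
            $roles = array('0' => 'Blocked', '1' => 'Allow', '5' => 'Site Admin');
            //('mysql role' => 'display role'); PHP stores these numeric-string keys as integers.
            while ($row = $viewUserSiteRoleStmt->fetch(PDO::FETCH_ASSOC)) {
                $foundRows = true;
                foreach ($roles as $key => $value) {
                    //Build all the radio buttons with a unique name containing the userId.
                    $userSiteRoleRow .= '<input type="radio" name="role' . $userId . '" value="' . $key . '"';
                    //The column comes back as a string (or null); compare as integers rather than loosely.
                    if ((int) $row['siteRoleId'] === $key) {
                        $userSiteRoleRow .= ' checked';
                    }
                    $userSiteRoleRow .= '>' . $value;
                }
                $userSiteRoleRow .= ' <span class="link" id="updateSiteRole' . $userId . '">Update</span>';
            }
            if ($foundRows) {
                $userSiteRole = '	<div class="break textCenter">
		<div class="rowTitle" style="width:375px">Site Role</div>
		<div class="break" style="line-height:2em;">' . $userSiteRoleRow . '
		</div>
	</div>';
            } else {
                $userSiteRole = '';
                pdoError(__LINE__, $viewUserSiteRoleStmt, $viewUserSiteRoleParams, true);
            }
            //Folder roles: one row per folder the user is linked to, with alternating row classes.
            $viewUserFolderRoleStmt = $Dbc->prepare("SELECT\n\tuserFolderSettings.folderId AS 'folderId',\n\tuserFolderSettings.folderRoleId AS 'folderRoleId',\n\tfolders.folderName AS 'folderName'\nFROM\n\tuserFolderSettings\nJOIN\n\tfolders ON folders.folderId = userFolderSettings.folderId\nWHERE\n\tuserFolderSettings.userId = ?");
            $viewUserFolderRoleParams = array($userId);
            $viewUserFolderRoleStmt->execute($viewUserFolderRoleParams);
            $foundRows = false;
            $userFolderRoleRows = '';
            $class = 'rowAlt';
            while ($row = $viewUserFolderRoleStmt->fetch(PDO::FETCH_ASSOC)) {
                $foundRows = true;
                $class = $class == 'rowWhite' ? 'rowAlt' : 'rowWhite';
                //Folder names are user-entered text; escape before echoing.
                $userFolderRoleRows .= '		<div class="break ' . $class . '" style="width:375">
			<div class="row ' . $class . '" style="width:175px">' . htmlspecialchars($row['folderName'], ENT_QUOTES, 'UTF-8') . '</div>
			<div class="row" style="width:120px">' . buildRoles('folderRoleUser' . $userId . 'folderId' . $row['folderId'] . 'folderRoleId' . $row['folderRoleId'], $row['folderRoleId'], 'folderRoleId') . '</div>
			<div class="link row" id="updateFolderRoleUser' . $userId . 'folderId' . $row['folderId'] . '" style="width:55px">Update</div>
		</div>
';
            }
            if ($foundRows) {
                $userFolderRole = '	<div class="break" style="padding:10px 0px 0px 0px">
		<div class="rowTitle" style="width:175px">Folder Name</div>
		<div class="rowTitle" style="width:175px">Folder Role</div>
		<div class="break left" style="line-height:2em;">' . $userFolderRoleRows . '
		</div>
	</div>';
            } else {
                $userFolderRole = '';
                pdoError(__LINE__, $viewUserFolderRoleStmt, $viewUserFolderRoleParams, true);
            }
            //List roles: one row per list the user is linked to, grouped by folder name.
            $viewUserListRoleStmt = $Dbc->prepare("SELECT\n\tlists.listId AS 'listId',\n\tlists.listName AS 'listName',\n\tuserListSettings.listRoleId AS 'listRoleId',\n\tfolders.folderName AS 'folderName'\nFROM\n\tlists\nJOIN\n\tfolders ON folders.folderId = lists.folderId\nJOIN\n\tuserListSettings ON userListSettings.listId = lists.listId AND\n\tuserListSettings.userId = ?\nORDER BY\n\tfolders.folderName, lists.listName");
            $viewUserListRoleParams = array($userId);
            $viewUserListRoleStmt->execute($viewUserListRoleParams);
            $foundRows = false;
            $userListRoleRows = '';
            $userListRole = '';
            $class = 'rowAlt';
            while ($row = $viewUserListRoleStmt->fetch(PDO::FETCH_ASSOC)) {
                //Without this flag the list section was never rendered even when rows came back.
                $foundRows = true;
                $class = $class == 'rowWhite' ? 'rowAlt' : 'rowWhite';
                $userListRoleRows .= '		<div class="break right ' . $class . '" style="width:400px">
			<div class="row" style="width:120px">' . htmlspecialchars($row['listName'], ENT_QUOTES, 'UTF-8') . '</div>
			<div class="row" style="width:120px">' . htmlspecialchars($row['folderName'], ENT_QUOTES, 'UTF-8') . '</div>
			<div class="row" style="width:160px; line-height:2em;">
				' . buildRoles('user' . $userId . 'List' . $row['listId'] . 'Role' . $row['listRoleId'], $row['listRoleId']) . '&nbsp;<span class="link" id="updateListRole' . $userId . '">Update</span>
			</div>
		</div>
';
            }
            if ($foundRows) {
                $userListRole = '	<div class="break">
		<div class="rowTitle" style="width:120px">List Name</div>
		<div class="rowTitle" style="width:120px">Folder</div>
		<div class="rowTitle" style="width:160px">List Role</div>
' . $userListRoleRows . '
	</div>';
            } else {
                $userListRole .= 'The user has no role for this list.';
                pdoError(__LINE__, $viewUserListRoleStmt, $viewUserListRoleParams, true);
            }
            $output .= '		<div class="left" style="width:375px">' . $userSiteRole . $userFolderRole . '</div>
		<div class="right" style="width:400px">' . $userListRole . '</div>
';
            $success = true;
            $returnThis['returnCode'] = $output;
        } catch (PDOException $e) {
            error(__LINE__, '', '<pre>' . $e . '</pre>');
        }
    } else {
        error(__LINE__);
        //$_POST['userId'] is unset in this branch, so this is the only message that can apply.
        $message .= '$_POST[\'userId\'] is empty on line ' . __LINE__ . '.';
    }
    if (MODE == 'updateSiteRole') {
        returnData();
    } else {
        return $output;
    }
}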