Пример #1
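 /**
  * Authenticates a user by email address and password.
  *
  * On success the returned object carries the full session context: the
  * User, its Group (with permissions), the owning entity (an
  * ExtractiveCompany when the group has a TPIN, otherwise a
  * GovernmentEntity) with its templates, and the modules built from the
  * group's permissions.
  *
  * Every per-user value that reaches SQL (email, userID, TPIN, entityID)
  * is bound as a statement parameter; nothing is interpolated into the
  * query text.
  *
  * @param string $email    Email address to look up
  * @param string $password Plain-text password, checked with password_verify()
  * @return object {success: true, user, group, entity, modules} on success;
  *                {success: false, message} when the credentials do not match;
  *                {success: false, exception} on an internal or database error
  */
 public function login($email, $password)
 {
     try {
         $conn = $this->getConnection();

         $sql = "SELECT u.userID AS ID, u.name, u.username, u.emailAddress AS email, u.position, u.celNumber AS cell, up.password, u.role, gg.entityID, eg.TPIN, ug.groupID " . "FROM user u " . "INNER JOIN user_groups ug " . "ON u.userID = ug.userID " . "INNER JOIN user_password up " . "ON u.userID = up.userID " . "LEFT JOIN goventity_groups gg " . "ON ug.groupID = gg.groupID " . "LEFT JOIN extractivecomp_groups eg " . "ON ug.groupID = eg.groupID " . "WHERE u.emailAddress = :email";
         $query = $conn->prepare($sql);
         $query->setFetchMode(PDO::FETCH_CLASS, '\\ZP\\User');
         $query->bindValue(":email", $email, PDO::PARAM_STR);
         if (!$query->execute()) {
             return (object) ['success' => false, 'exception' => 'Could not login. Internal error occurred.'];
         }

         $user = $query->fetch(PDO::FETCH_OBJ);
         // One generic message covers both "unknown email" and "wrong password".
         // password_verify() is only reached when a row exists, so the two cases
         // still differ in response time; failed attempts are not logged or
         // rate-limited in this method.
         if (!($user && password_verify($password, $user->password))) {
             return (object) ['success' => false, 'message' => 'Invalid email and/or password'];
         }
         $user = new User($user);

         // The user's group plus its entity links (TPIN for extractive
         // companies, entityID for government entities).
         $sql = "SELECT g.name, eg.TPIN, ge.entityID, g.groupID " . "FROM `group` g " . "INNER JOIN user_groups ug " . "ON g.groupID = ug.groupID " . "LEFT JOIN goventity_groups ge " . "ON g.groupID = ge.groupID " . "LEFT JOIN extractivecomp_groups eg " . "ON g.groupID = eg.groupID " . "WHERE ug.userID = :userID";
         $query = $conn->prepare($sql);
         $query->bindValue(":userID", $user->getID(), PDO::PARAM_INT);
         $query->setFetchMode(PDO::FETCH_OBJ);
         $query->execute();
         $group = $query->fetch();
         if ($group === false) {
             // No user_groups row: there is nothing to build a session context from,
             // and assigning ->permissions on `false` would be a fatal error.
             return (object) ['success' => false, 'exception' => 'Could not login. Internal error occurred.'];
         }

         // Permissions granted through the group; 'View Reports' is excluded
         // by the query itself.
         $sql = "SELECT p.permissionID, p.name " . "FROM permissions p " . "INNER JOIN group_permissions gp " . "ON p.permissionID = gp.permissionID " . "INNER JOIN user_groups ug " . "ON gp.groupID = ug.groupID " . "WHERE ug.userID = :userID AND p.name != 'View Reports';";
         $query = $conn->prepare($sql);
         $query->bindValue(":userID", $user->getID(), PDO::PARAM_INT);
         $query->setFetchMode(PDO::FETCH_OBJ);
         $query->execute();
         $group->permissions = $query->fetchAll();
         $group = new Group($group);

         if (!is_null($group->getTPIN())) {
             $TPIN = $group->getTPIN();
             $sql = "SELECT ec.companyName AS name, ec.dateOfEstablishment AS date, ec.TPIN AS id, ec.contactAddress AS address, " . "ec.companyCapital AS capital, ec.primaryBusiness AS `primary`, ec.secondaryBusiness AS `secondary` " . "FROM extractivecompany ec " . "INNER JOIN extractivecomp_groups eg " . "ON ec.TPIN = eg.TPIN " . "WHERE eg.TPIN = :TPIN;";
             $stmt = $conn->prepare($sql);
             // Bound with the default (string) type: an explicit PARAM_INT would
             // silently cast a TPIN that is not a plain integer.
             $stmt->bindValue(":TPIN", $TPIN);
             $stmt->setFetchMode(PDO::FETCH_OBJ);
             $stmt->execute();
             $entity = new ExtractiveCompany($stmt->fetch());

             $stmt = $conn->prepare("SELECT et.templateID FROM extractivecomp_templates et WHERE et.TPIN = :TPIN;");
             $stmt->bindValue(":TPIN", $TPIN);
             $stmt->execute();
             $entity->setTemplates($stmt->fetchAll(PDO::FETCH_OBJ));
         } else {
             $entityID = $group->getEntityID();
             $sql = "SELECT ge.entityName AS name, ge.dateOfEstablishment AS date, ge.entityID AS id, ge.contactAddress AS address " . "FROM governmententity ge " . "INNER JOIN goventity_groups gg " . "ON ge.entityID = gg.entityID " . "WHERE gg.entityID = :entityID;";
             $stmt = $conn->prepare($sql);
             $stmt->bindValue(":entityID", $entityID, PDO::PARAM_INT);
             $stmt->setFetchMode(PDO::FETCH_OBJ);
             $stmt->execute();
             $entity = new GovernmentEntity($stmt->fetch());

             $stmt = $conn->prepare("SELECT et.templateID FROM goventity_templates et WHERE et.entityID = :entityID;");
             $stmt->bindValue(":entityID", $entityID, PDO::PARAM_INT);
             $stmt->execute();
             $entity->setTemplates($stmt->fetchAll(PDO::FETCH_OBJ));
         }

         return (object) [
             'success' => true,
             'user' => $user,
             'group' => $group,
             'entity' => $entity,
             'modules' => $this->createModules($group->getPermissions()),
         ];
     } catch (\PDOException $e) {
         // The exception object itself is handed back; a PDOException message can
         // include driver or query details, so callers should not echo it to the
         // client verbatim.
         return (object) ['success' => false, 'exception' => $e];
     }
 }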
Пример #2
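 /**
  * Inserts a new user or updates an existing one inside a single transaction.
  *
  * A user without an ID is inserted into `user`, linked to its group in
  * `user_groups`, and given a bcrypt hash in `user_password`. A user with an
  * ID is updated in `user` only; the username is only written when no new
  * password is supplied, and the stored password hash is never changed here.
  *
  * Every path that leaves the method after beginTransaction() either commits
  * or rolls back, so no transaction is left open on the connection.
  *
  * @param array|object $user Raw user data accepted by the User constructor
  * @return array {success: true, user} on success;
  *               {success: false, errors} when the User fails validation;
  *               {success: false, exception} on a database error
  */
 public function addUser($user)
 {
     try {
         $user = new User($user);
         if (count($user->getErrors()) !== 0) {
             return ["success" => false, "errors" => $user->getErrors()];
         }

         $conn = $this->getConnection();
         $isNew = is_null($user->getID());
         // The username column is written on insert and on a password-less
         // update only; the parameter bindings below follow the same rule,
         // because binding a placeholder the statement does not contain makes
         // execute() fail.
         $writesUsername = $isNew || is_null($user->getPassword());

         if ($isNew) {
             // ':password' is a quoted literal, not a placeholder: the real hash
             // goes into user_password below, never into user.password.
             $sql = "INSERT INTO user (`userID`, `name`, `emailAddress`, `username`, `password`, `celNumber`, `role`, `position`) " . "VALUES(:ID, :name, :email, :username, ':password', :cell, :role, :position);";
         } elseif ($writesUsername) {
             $sql = "UPDATE user SET " . "`name` = :name, `emailAddress` = :email, `username` = :username, `celNumber` = :cell, `position` = :position " . "WHERE `userID` = :ID";
         } else {
             $sql = "UPDATE user SET " . "`name` = :name, `emailAddress` = :email, `celNumber` = :cell, `position` = :position " . "WHERE `userID` = :ID";
         }

         $conn->beginTransaction();
         $query = $conn->prepare($sql);
         $query->bindValue(":ID", $user->getID(), PDO::PARAM_INT);
         $query->bindValue(":name", $user->getName(), PDO::PARAM_STR);
         $query->bindValue(":email", $user->getEmail(), PDO::PARAM_STR);
         $query->bindValue(":cell", $user->getCell(), PDO::PARAM_STR);
         $query->bindValue(":position", $user->getPosition(), PDO::PARAM_STR);
         if ($writesUsername) {
             $query->bindValue(":username", $user->getUsername(), PDO::PARAM_STR);
         }
         if ($isNew) {
             $query->bindValue(":role", $user->getRole(), PDO::PARAM_STR);
         }
         if (!$query->execute()) {
             $conn->rollBack();
             return ["success" => false, "exception" => "Could not add user, internal error occurred."];
         }

         if (!$isNew) {
             $conn->commit();
             // NOTE(review): the returned User still holds whatever getPassword()
             // returns; callers that serialise it should strip that — confirm.
             return ["success" => true, "user" => $user];
         }

         // Insert path: the generated ID keys the user_groups and user_password rows.
         $ID = (int) $conn->lastInsertId();
         if ($ID <= 0) {
             $conn->rollBack();
             return ["success" => false, "exception" => "Could not add user, internal error occurred."];
         }

         $query = $conn->prepare("INSERT INTO user_groups (userID, groupID) VALUES (:userID, :groupID)");
         $query->bindValue(":userID", $ID, PDO::PARAM_INT);
         $query->bindValue(":groupID", $user->getGroupID(), PDO::PARAM_INT);
         if (!$query->execute()) {
             $conn->rollBack();
             return ["success" => false, "exception" => "Could not add user. Internal error occurred."];
         }

         // Only the bcrypt hash is persisted; the plain-text password never
         // reaches the database.
         $query = $conn->prepare("INSERT INTO user_password (`userID`, `password`) VALUES(:userID, :password)");
         $query->bindValue(":userID", $ID, PDO::PARAM_INT);
         $query->bindValue(":password", password_hash($user->getPassword(), PASSWORD_BCRYPT));
         if (!$query->execute()) {
             $conn->rollBack();
             return ["success" => false, "exception" => "Could not add user. Internal error occurred."];
         }

         $conn->commit();
         $user->setID($ID);
         // NOTE(review): the returned User still holds whatever getPassword()
         // returns; callers that serialise it should strip that — confirm.
         return ["success" => true, "user" => $user];
     } catch (\PDOException $e) {
         // rollBack() itself throws when no transaction is open (for example
         // when beginTransaction() was what failed), so check first.
         $conn = $this->getConnection();
         if ($conn->inTransaction()) {
             $conn->rollBack();
         }
         // A PDOException message can include driver or query details; callers
         // should not echo it to the client verbatim.
         return ["success" => false, "exception" => $e];
     }
 }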