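/**
 * Search users by keyword, first lastname letter and/or group.
 *
 * The search string also carries three in-band directives, available to any
 * caller able to set $search:
 *  - ":noroot:" anywhere in the string excludes ROOT_PROFILEUSER_ID;
 *  - "user:<id>" restricts the query to a single user ID;
 *  - "group:<id>" overrides $group.
 *
 * The statement is assembled by string concatenation, so each caller-supplied
 * fragment is cast to int, checked against a whitelist, or passed through
 * sensitiveIO::sanitizeSQLString() before it is appended.
 *
 * @param string  $search        search user by lastname, firstname or login
 * @param string  $letter        search user by first lastname letter
 * @param integer $group         search user by group ID
 * @param string  $order         column name without the "_pru" suffix, or "score"
 *                               (default: lastname, firstname)
 * @param string  $direction     "asc" or "desc"; anything else falls back to "asc"
 * @param integer $start         search start offset
 * @param integer $limit         search limit (default 0: unlimited)
 * @param boolean $activeOnly    return only active users (default: false)
 * @param boolean $returnObjects return CMS_profile_user objects (default) or user IDs
 * @param array   $score         filled with userId => full-text match score when available
 * @return array CMS_profile_user objects, or user IDs when $returnObjects is false
 * @access public
 */
public static function search($search = '', $letter = '', $group = '', $order = '', $direction = 'asc', $start = 0, $limit = 0, $activeOnly = false, $returnObjects = true, &$score = array())
{
    // Integer casts keep these three values inert once they reach the SQL text.
    $start = (int) $start;
    $limit = (int) $limit;
    $group = (int) $group;

    // Sort direction is concatenated into ORDER BY: accept the two keywords only.
    $direction = io::strtolower($direction);
    if (!in_array($direction, array('asc', 'desc'), true)) {
        $direction = 'asc';
    }

    $keywordsWhere = $letterWhere = $groupWhere = $orderClause = $idWhere = '';
    $select = 'id_pru';

    if (io::strpos($search, ':noroot:') !== false) {
        $idWhere = " and id_pru != '" . ROOT_PROFILEUSER_ID . "'";
        $search = trim(str_replace(':noroot:', '', $search));
    }

    // NOTE(review): the published listing masks part of this condition. The
    // positive-integer check and the "id_pru =" comparison are reconstructed
    // from the parallel "group:" branch below -- confirm against the upstream file.
    if (io::substr($search, 0, 5) == 'user:' && sensitiveIO::isPositiveInteger(io::substr($search, 5))) {
        $idWhere = " and id_pru = '" . sensitiveIO::sanitizeSQLString(io::substr($search, 5)) . "'";
        $search = '';
    }
    if (io::substr($search, 0, 6) == 'group:' && sensitiveIO::isPositiveInteger(io::substr($search, 6))) {
        $group = io::substr($search, 6);
        $search = '';
    }

    if ($search) {
        // Split on spaces, commas and semicolons. strtr() ignores the surplus
        // characters of the longer argument, so the replacement string needs one
        // space per separator; with a single space ';' was never translated.
        $keyword = strtr($search, ",;", "  ");
        $words = array_map("trim", array_unique(explode(" ", io::strtolower($keyword))));

        $cleanedWords = array();
        foreach ($words as $aWord) {
            if (io::strlen($aWord) < 3) {
                continue;
            }
            // Neutralise LIKE wildcards so a keyword cannot widen the match.
            // NOTE(review): sanitizeSQLString() is not visible here; if it escapes
            // backslashes, "\%" may reach MySQL as "\\%" and lose its effect -- confirm.
            $aWord = str_replace(array('%', '_'), array('\\%', '\\_'), $aWord);
            if (htmlentities($aWord) != $aWord) {
                $cleanedWords[] = htmlentities($aWord);
            }
            $cleanedWords[] = $aWord;
        }
        if (!$cleanedWords) {
            // nothing searchable left after cleaning
            return array();
        }

        // NOTE(review): the entity-encoded and raw variants of one word are both
        // required (joined with "and"); an "or" between them may have been intended.
        $clauses = array();
        foreach ($cleanedWords as $cleanedWord) {
            $safeWord = sensitiveIO::sanitizeSQLString($cleanedWord);
            $clauses[] = " (\n\t\t\t\t\tlastName_pru like '%" . $safeWord . "%'\n\t\t\t\t\tor firstName_pru like '%" . $safeWord . "%'\n\t\t\t\t\tor login_pru like '%" . $safeWord . "%'\n\t\t\t\t)";
        }

        $fullText = sensitiveIO::sanitizeSQLString($search);
        $select .= " , MATCH (lastName_pru, firstName_pru, login_pru) AGAINST ('" . $fullText . "') as m ";
        $keywordsWhere = ' and ((' . implode(" and ", $clauses) . ')'
            . " or MATCH (lastName_pru, firstName_pru, login_pru) AGAINST ('" . $fullText . "') )";
    }

    if ($letter && io::strlen($letter) === 1) {
        $letterWhere = " and lastName_pru like '" . sensitiveIO::sanitizeSQLString($letter) . "%'";
    }

    if ($group) {
        $groupUsers = CMS_profile_usersGroupsCatalog::getGroupUsers($group, false);
        if (!$groupUsers) {
            return array();
        }
        // The IDs come from another catalog whose return type is not visible
        // here; force integers before they are inlined into the IN () list.
        $groupWhere = " and id_pru in (" . implode(',', array_map('intval', $groupUsers)) . ")";
    }

    if ((string) $order !== 'score') {
        $orderBy = 'lastName_pru,firstName_pru';
        if ($order) {
            // Whitelist the sort column against the table definition and reuse the
            // name reported by the database rather than the caller's string.
            $wanted = $order . '_pru';
            $q = new CMS_query("DESCRIBE profilesUsers");
            while ($field = $q->getValue('Field')) {
                if ($field === $wanted) {
                    $orderBy = $field;
                    break;
                }
            }
        }
        $orderClause = "order by\n\t\t\t\t\t" . $orderBy . "\n\t\t\t\t\t" . $direction;
    } elseif ($search) {
        // "m" only exists in the select list when a keyword search is active
        $orderClause = " order by m " . $direction;
    }

    $sql = "\n\t\t\tselect\n\t\t\t\t" . $select
        . "\n\t\t\tfrom\n\t\t\t\tprofilesUsers\n\t\t\twhere \n\t\t\t deleted_pru='0'\n\t\t\t"
        . ($activeOnly ? " and active_pru='1' " : '') . "\n\t\t\t"
        . $keywordsWhere . "\n\t\t\t"
        . $letterWhere . "\n\t\t\t"
        . $groupWhere . "\n\t\t\t"
        . $idWhere . "\n\t\t\t"
        . $orderClause . "\n\t\t";
    if ($limit) {
        $sql .= "limit \n\t\t\t\t" . $start . ", " . $limit;
    }
    $q = new CMS_query($sql);

    $users = array();
    while ($r = $q->getArray()) {
        $id = $r['id_pru'];
        // set match score if exists
        if (isset($r['m'])) {
            $score[$id] = $r['m'];
        }
        if (!$returnObjects) {
            $users[] = $id;
            continue;
        }
        $usr = CMS_profile_usersCatalog::getByID($id);
        if ($usr instanceof CMS_profile_user && !$usr->hasError()) {
            // the object is re-checked for activity on top of the SQL filter
            if (!$activeOnly || $usr->isActive()) {
                $users[] = $usr;
            }
        }
    }
    return $users;
}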
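/**
 * Resolve the user IDs that should receive this field's notification.
 *
 * Two modes, chosen by the field parameters:
 *  - 'usersGroupsField' set: recipients are read from that field of the object
 *    identified by $objectID, either directly as user IDs or, when the field's
 *    'isGroup' parameter is set, as the members of the listed groups;
 *  - otherwise: every ID returned by CMS_profile_usersCatalog::getAll(true, false, false)
 *    (active users, per the original comment) is kept or dropped according to
 *    'includeExclude', 'disableGroups' and 'disableUsers'.
 *
 * In exclude mode ('includeExclude' empty) with both lists empty, every user
 * returned by getAll() is a recipient.
 *
 * @param mixed $objectID ID passed to CMS_poly_object_catalog::getObjectByID()
 * @return array user IDs which are recipients of the notification (keyed by
 *               user ID in group mode)
 * @access private
 */
private function _getRecipients($objectID)
{
    $params = $this->getParamsValues();

    if (!empty($params['usersGroupsField'])) {
        // instantiate related item
        $item = CMS_poly_object_catalog::getObjectByID($objectID, false, true);
        if (!is_object($item) || $item->hasError()) {
            return array();
        }
        // does the selected field represent users or groups?
        $field = new CMS_poly_object_field($params['usersGroupsField']);
        $isGroup = $field->getParameter('isGroup');
        // get item field value
        $ids = $item->objectValues($params['usersGroupsField'])->getValue('ids');
        if (!$ids) {
            return array();
        }
        if (!$isGroup) {
            return $ids;
        }
        // expand each group into its members; keying by ID removes duplicates
        $recipients = array();
        foreach ($ids as $groupId) {
            $usersIds = CMS_profile_usersGroupsCatalog::getGroupUsers($groupId, false);
            if (!is_array($usersIds)) {
                // a group that yields no list contributes no recipient
                continue;
            }
            foreach ($usersIds as $userId) {
                $recipients[$userId] = $userId;
            }
        }
        return $recipients;
    }

    // get all active users ids
    $allUsers = CMS_profile_usersCatalog::getAll(true, false, false);

    // Missing parameters are read as "empty list" / "exclude mode" without
    // raising undefined-index notices.
    $selectedGroups = !empty($params['disableGroups']) ? explode(';', $params['disableGroups']) : array();
    $selectedUsers = !empty($params['disableUsers']) ? explode(';', $params['disableUsers']) : array();
    $includeMode = !empty($params['includeExclude']);

    $recipients = array();
    foreach ($allUsers as $userId) {
        // explode() yields strings and the type of $userId is not visible here,
        // so the membership test stays non-strict as in the original.
        $listed = in_array($userId, $selectedUsers);
        if (!$listed) {
            foreach ($selectedGroups as $groupId) {
                if (CMS_profile_usersGroupsCatalog::userBelongsToGroup($userId, $groupId)) {
                    $listed = true;
                    break;
                }
            }
        }
        // include mode: listed users get the email; exclude mode: unlisted users do
        if ($listed === $includeMode) {
            $recipients[] = $userId;
        }
    }
    return $recipients;
}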
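// Request parameters for the users listing. 'start' and 'limit' are checked
// with sensitiveIO::isPositiveInteger; 'dir' is taken as sent, so its
// validation is left to CMS_profile_usersCatalog::search() -- confirm that
// search() whitelists both the sort column and the direction.
$dir = sensitiveIO::request('dir');
$start = sensitiveIO::request('start', 'sensitiveIO::isPositiveInteger', 0);
$limit = sensitiveIO::request('limit', 'sensitiveIO::isPositiveInteger', CMS_session::getRecordsPerPage());
$filter = sensitiveIO::request('filter') ? true : false;
$withGroups = sensitiveIO::request('groups') ? true : false;
$withoutRoot = sensitiveIO::request('withoutroot') ? true : false;

$usersDatas = array();
$usersDatas['users'] = array();

// Authorisation gate: only users with the EDITUSERS clearance may list users.
if (!$cms_user->hasAdminClearance(CLEARANCE_ADMINISTRATION_EDITUSERS)) {
    CMS_grandFather::raiseError('User has no users management rights ...');
    $view->setContent($usersDatas);
    $view->show();
    // NOTE(review): $view->show() is not visible here. The explicit exit keeps
    // the denial path from falling through into the search below should
    // show() return instead of ending the request.
    exit;
}

// load group's users if any
if ($groupId) {
    $groupUsers = CMS_profile_usersGroupsCatalog::getGroupUsers($groupId, false);
} else {
    $groupUsers = array();
}

// remove root user from search: ':noroot:' is an in-band directive placed
// inside the search string itself
if ($withoutRoot) {
    $search = ':noroot: ' . $search;
}

// search users, restricted to the group only when the filter flag is set
if ($groupId && $filter) {
    $users = CMS_profile_usersCatalog::search($search, $letter, $groupId, $sort, $dir, $start, $limit);
} else {
    $users = CMS_profile_usersCatalog::search($search, $letter, false, $sort, $dir, $start, $limit);
}
//loop over users to get all required infos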