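/**
 * Company user management screen.
 *
 * Renders the paginated member list for the session company and handles the
 * one-shot actions the screen triggers through query-string parameters. Each
 * action parameter carries a User.uniq_id unless noted and ends in a redirect:
 *   del          - remove the member (company_users + user_invitations rows)
 *   act / deact  - set CompanyUser.is_active to 1 / 0
 *   grant_admin  - set CompanyUser.user_type to 2
 *   revoke_admin - set CompanyUser.user_type to 3
 *   resend       - (invitation qstr) re-send the invitation mail with a fresh qstr
 *   resetpassword- generate a new password, mail it, store its digest
 * Owners (user_type 1) are excluded from every membership update.
 *
 * Listing parameters: role (invited|all|2|3|disable), type, user_srch, page, user.
 *
 * Every query-string value is untrusted: ids are cast to int and strings are
 * quoted through the model's datasource before they reach raw SQL, and role is
 * never interpolated (only fixed literals are emitted per recognised value).
 * The user-limit check reads $GLOBALS['Userlimitation'] / $GLOBALS['usercount'],
 * which are populated elsewhere.
 */
function manage()
{
    $this->set('istype', SES_TYPE);

    $userModel   = $this->User;
    $ds          = $userModel->getDataSource();
    $postcase    = $this->Postcase;
    $CompanyUser = ClassRegistry::init('CompanyUser');

    // 26 rows per page; the original assigned CASE_PAGE_LIMIT and immediately overwrote it.
    $page_limit = 26;

    $userFields    = array('User.id', 'User.email', 'User.name', 'User.last_name');
    $searchColumns = array('User.name', 'User.last_name', 'User.email', 'User.short_name');

    /* ------------------------------------------------------------------ */
    /* Local helpers (closures keep the action self-contained).            */
    /* ------------------------------------------------------------------ */

    // Query-string parameter as a string; '' when absent or not scalar (e.g. ?x[]=).
    $queryParam = function ($name) {
        return (isset($_GET[$name]) && is_scalar($_GET[$name])) ? (string)$_GET[$name] : '';
    };

    // "col LIKE '%needle%' OR col LIKE '%needle%' ..." with the pattern quoted by the driver.
    $likeAny = function (array $columns, $needle) use ($ds) {
        $pattern = $ds->value('%' . $needle . '%', 'string');
        $parts = array();
        foreach ($columns as $column) {
            $parts[] = $column . ' LIKE ' . $pattern;
        }
        return implode(' OR ', $parts);
    };

    // Loads the user an action refers to by its public uniq_id (find() quotes the value itself).
    $findUserByUniqId = function ($uniqId, array $fields) use ($userModel) {
        return $userModel->find('first', array(
            'conditions' => array('User.uniq_id' => $uniqId),
            'fields'     => $fields,
        ));
    };

    // Writes the account event-log entry shared by the delete/enable/disable paths.
    $logUserEvent = function (array $user, $eventType) use ($postcase) {
        $json_arr = array(
            'email'   => $user['User']['email'],
            // The original read User.first_name, which is not among the selected fields; User.name is.
            'name'    => trim($user['User']['name'] . ' ' . $user['User']['last_name']),
            'created' => GMT_DATETIME,
        );
        $postcase->eventLog(SES_COMP, SES_ID, $json_arr, $eventType);
    };

    // UPDATE company_users for one member of the session company; $assignment is a fixed
    // literal chosen below (never user data), and owners (user_type 1) are never touched.
    $updateMembership = function ($userId, $assignment) use ($CompanyUser) {
        $CompanyUser->query(
            "UPDATE company_users as CompanyUser SET " . $assignment
            . " WHERE CompanyUser.user_id='" . (int)$userId . "' AND CompanyUser.company_id='" . SES_COMP
            . "' AND CompanyUser.user_type!='1'"
        );
    };

    $role = $queryParam('role');

    /* ------------------------------------------------------------------ */
    /* One-shot actions; each ends in a redirect.                          */
    /* ------------------------------------------------------------------ */

    $del = urldecode($queryParam('del'));
    if (trim($del) !== '') {
        $getUsr = $findUserByUniqId($del, $userFields);
        if (empty($getUsr)) {
            // Without this guard deleteAll() ran with user_id => null.
            $this->Session->write("ERROR", "User not found");
            $this->redirect(HTTP_ROOT . "users/manage/?role=invited");
            return;
        }
        $userId = (int)$getUsr['User']['id'];
        $CompanyUser->deleteAll(array('user_id' => $userId, 'company_id' => SES_COMP, 'user_type!=1'));
        $UserInvitation = ClassRegistry::init('UserInvitation');
        $UserInvitation->query(
            "DELETE FROM user_invitations WHERE user_id='" . $userId . "' AND company_id='" . SES_COMP . "'"
        );
        $logUserEvent($getUsr, 3);
        $this->Session->write("SUCCESS", "user deleted successfully");
        $this->redirect(HTTP_ROOT . "users/manage/?role=invited");
        return;
    }

    $act = urldecode($queryParam('act'));
    if (trim($act) !== '') {
        // Plan enforcement: on subscription 1 a finite user_limit blocks enabling another member.
        if ($GLOBALS['Userlimitation']['subscription_id'] == 1
            && strtolower($GLOBALS['Userlimitation']['user_limit']) != "unlimited"
            && $GLOBALS['usercount'] >= $GLOBALS['Userlimitation']['user_limit']
        ) {
            $this->Session->write("ERROR", "Sorry! User cannot be enabled. User Limit Exceeded!");
            $this->redirect(HTTP_ROOT . "users/manage/?type=1&role=" . urlencode($role));
            return;
        }
        $getUsr = $findUserByUniqId($act, $userFields);
        if (empty($getUsr)) {
            $this->Session->write("ERROR", "User not found");
            $this->redirect(HTTP_ROOT . "users/manage/?role=" . urlencode($role));
            return;
        }
        // NOTE: the original also fetched the CompanyUser row and compared billing_end_date with
        // Userlimitation.next_billing_date, but the update_bt_subscription() call inside that
        // branch was commented out, so the lookup had no effect and is dropped here.
        $updateMembership($getUsr['User']['id'], "CompanyUser.is_active='1'");
        $logUserEvent($getUsr, 28);
        $this->Session->write("SUCCESS", "User enabled successfully");
        $this->redirect(HTTP_ROOT . "users/manage/?role=" . urlencode($role));
        return;
    }

    $deact = urldecode($queryParam('deact'));
    if (trim($deact) !== '') {
        $getUsr = $findUserByUniqId($deact, $userFields);
        if (empty($getUsr)) {
            $this->Session->write("ERROR", "User not found");
            $this->redirect(HTTP_ROOT . "users/manage");
            return;
        }
        $updateMembership($getUsr['User']['id'], "CompanyUser.is_active='0'");
        $logUserEvent($getUsr, 27);
        $this->Session->write("SUCCESS", "User disabled successfully");
        $this->redirect(HTTP_ROOT . "users/manage");
        return;
    }

    $grant_admin = urldecode($queryParam('grant_admin'));
    if (trim($grant_admin) !== '') {
        $getUsr = $findUserByUniqId($grant_admin, array('User.id'));
        if (empty($getUsr)) {
            $this->Session->write("ERROR", "User not found");
            $this->redirect(HTTP_ROOT . "users/manage");
            return;
        }
        $updateMembership($getUsr['User']['id'], "CompanyUser.user_type='2'");
        $this->Session->write("SUCCESS", "Granted admin privilege");
        $this->redirect(HTTP_ROOT . "users/manage");
        return;
    }

    $revoke_admin = urldecode($queryParam('revoke_admin'));
    if (trim($revoke_admin) !== '') {
        $getUsr = $findUserByUniqId($revoke_admin, array('User.id'));
        if (empty($getUsr)) {
            $this->Session->write("ERROR", "User not found");
            $this->redirect(HTTP_ROOT . "users/manage");
            return;
        }
        $updateMembership($getUsr['User']['id'], "CompanyUser.user_type='3'");
        $this->Session->write("SUCCESS", "Revoked admin privilege");
        $this->redirect(HTTP_ROOT . "users/manage");
        return;
    }

    $resend = urldecode($queryParam('resend'));
    if (trim($resend) !== '') {
        $UserInvitation = ClassRegistry::init('UserInvitation');
        $invit = $UserInvitation->find('first', array(
            'conditions' => array('UserInvitation.qstr' => $resend),
        ));
        if (!empty($invit['UserInvitation']['user_id'])) {
            $getUser = $userModel->find('first', array(
                'conditions' => array('User.id' => $invit['UserInvitation']['user_id']),
            ));
            $Company = ClassRegistry::init('Company');
            // The original selected the first company in the table with no condition; the
            // invitation being re-sent belongs to the session company.
            $comp = $Company->find('first', array(
                'conditions' => array('Company.id' => SES_COMP),
                'fields'     => array('Company.id', 'Company.name', 'Company.uniq_id'),
            ));
            $expEmail = explode("@", $getUser['User']['email']);
            $expName  = $expEmail[0];
            $qstr     = $this->Format->generateUniqNumber();
            $loggedin_users = $this->Format->getUserNameForEmail($this->Auth->User("id"));
            $fromName  = ucfirst($loggedin_users['User']['name']);
            $fromEmail = $loggedin_users['User']['email'];
            $ext_user  = '';
            if (!$getUser['User']['password']) {
                $subject  = $fromName . " Invited you to join " . $comp['Company']['name'] . " on Orangescrum";
                $ext_user = 1;
            } else {
                $subject = $fromName . " Invited you to join on Orangescrum";
            }
            $this->Email->delivery = EMAIL_DELIVERY;
            // The original assigned an undefined $to here, leaving the mail without a recipient.
            $this->Email->to       = $getUser['User']['email'];
            $this->Email->subject  = $subject;
            $this->Email->from     = FROM_EMAIL;
            $this->Email->template = 'invite_user';
            $this->Email->sendAs   = 'html';
            $this->set('expName', ucfirst($expName));
            $this->set('qstr', $qstr);
            $this->set('existing_user', $ext_user);
            $this->set('company_name', $comp['Company']['name']);
            $this->set('fromEmail', $fromEmail);
            $this->set('fromName', $fromName);
            if ($this->Sendgrid->sendgridsmtp($this->Email)) {
                $invitationDs = $UserInvitation->getDataSource();
                $UserInvitation->query(
                    "UPDATE user_invitations set qstr=" . $invitationDs->value($qstr, 'string')
                    . " where qstr=" . $invitationDs->value($resend, 'string')
                );
                $this->Session->write("SUCCESS", "Invitation resent to '" . $getUser['User']['email'] . "'");
                $this->redirect(HTTP_ROOT . "users/manage/?role=invited");
                return;
            }
            // A failed send falls through to the listing, as before.
        }
    }

    /* ------------------------------------------------------------------ */
    /* Listing.                                                            */
    /* ------------------------------------------------------------------ */

    $type       = $queryParam('type');
    $search_key = $queryParam('user_srch');   // raw term: used by the invited listing and the status counts
    $user_srch  = ($search_key !== '') ? htmlentities(strip_tags($search_key)) : '';
    $page       = max(1, (int)$queryParam('page'));
    $limit1     = ($page - 1) * $page_limit;
    $limit2     = $page_limit;

    $search_query = $likeAny($searchColumns, $search_key);

    // Extra WHERE clauses for the member listing. Only fixed literals are emitted per role
    // value, so an unrecognised role simply adds no clause. The invited listing below runs
    // its own query and does not use $query.
    $query = '';
    if (!$role || $role === 'all') {
        $query .= " AND (CompanyUser.is_active = '1')";
    } elseif ($role === '2') {
        $query .= " AND (CompanyUser.user_type = '2' OR CompanyUser.user_type = '1')";
    } elseif ($role === '3') {
        $query .= " AND CompanyUser.user_type = '3' AND CompanyUser.is_active = '1' ";
    } elseif ($role === 'disable') {
        $query .= " AND CompanyUser.is_active = '0'";
    }
    if ($user_srch !== '') {
        // $user_srch is already entity-encoded; the second pass mirrors the original's
        // sanitisation so search results stay the same.
        $term = urldecode(htmlentities(strip_tags($user_srch)));
        $query .= ' AND (' . $likeAny($searchColumns, $term) . ')';
    }
    $userFilter = $queryParam('user');
    if ($userFilter !== '') {
        $query .= ' AND (User.uniq_id = ' . $ds->value($userFilter, 'string') . ')';
    }

    if ($role === 'invited') {
        $userArr = $userModel->query(
            "SELECT SQL_CALC_FOUND_ROWS * FROM company_users AS CompanyUser"
            . " LEFT JOIN users AS User ON CompanyUser.user_id=User.id"
            . " WHERE CompanyUser.company_id=" . SES_COMP . " AND CompanyUser.is_active ='2' AND User.email!=''"
            . " AND (" . $search_query . ") ORDER BY User.dt_created DESC LIMIT {$limit1},{$limit2}"
        );
    } else {
        $userArr = $userModel->query(
            "SELECT SQL_CALC_FOUND_ROWS * FROM users AS User,company_users AS CompanyUser"
            . " WHERE User.id=CompanyUser.user_id AND CompanyUser.company_id='" . SES_COMP . "' " . trim($query)
            . " ORDER BY User.dt_last_login DESC LIMIT {$limit1},{$limit2}"
        );
    }
    $tot     = $userModel->query("SELECT FOUND_ROWS() as total");
    $totUser = count($userArr);

    $arrusr = array();
    App::import("Helper", array("Format", "Casequery", "Tmzone", "Datetime"));
    $hFormat    = new FormatHelper(new View(null));
    $hCasequery = new CasequeryHelper(new View(null));
    $hTmzone    = new TmzoneHelper(new View(null));
    $hDatetime  = new DatetimeHelper(new View(null));
    // Today in the session timezone; shared by every relative-date label (was recomputed per row).
    $gmdate = $hTmzone->GetDateTime(SES_TIMEZONE, TZ_GMT, TZ_DST, TZ_CODE, GMT_DATE, "date");

    foreach ($userArr as $key => $usrall) {
        $user =& $userArr[$key]['User'];
        $user['name']       = $hFormat->formatText($usrall['User']['name']);
        $user['short_name'] = $hFormat->formatText($usrall['User']['short_name']);
        $user['email']      = $hFormat->formatText($usrall['User']['email']);
        $user['shln_email'] = $hFormat->shortLength($usrall['User']['email'], 30);

        // Pending invitations (is_active 2) are shown with their invited projects and qstr.
        $pendingInvite = ($role === 'invited' || $usrall['CompanyUser']['is_active'] == 2);
        if (!$pendingInvite) {
            $getprj = $hCasequery->getallproject($usrall['User']['id']);
            $allpj = '';
            foreach ($getprj as $projectName) {
                $allpj .= ', ' . ucwords(strtolower($projectName));
            }
            $user['all_project']   = $hFormat->shortLength(trim($allpj, ','), 20);
            $user['all_projects']  = trim($allpj, ',');
            $user['total_project'] = count($getprj);
        } else {
            $allpj = $hCasequery->getallInvitedProj($usrall['CompanyUser']['project_id']);
            $user['all_project'] = $hFormat->shortLength(trim($allpj, ','), 20);
        }
        if ($pendingInvite) {
            $user['qstr'] = $hCasequery->getinviteqstr(
                $usrall['CompanyUser']['company_id'],
                $usrall['CompanyUser']['user_id']
            );
        }

        if ($usrall['User']['dt_last_login']) {
            $locDT = $hTmzone->GetDateTime(
                SES_TIMEZONE, TZ_GMT, TZ_DST, TZ_CODE, $usrall['User']['dt_last_login'], "datetime"
            );
            $user['latest_activity'] = $hDatetime->dateFormatOutputdateTime_day($locDT, $gmdate);
        }
        $crdt = ($role === 'invited') ? $usrall['User']['dt_created'] : $usrall['CompanyUser']['created'];
        if ($crdt != "0000-00-00 00:00:00") {
            $locDT = $hTmzone->GetDateTime(SES_TIMEZONE, TZ_GMT, TZ_DST, TZ_CODE, $crdt, "datetime");
            $user['created_on'] = $hDatetime->dateFormatOutputdateTime_day($locDT, $gmdate);
        }
        // First letter of each name feeds the alphabetical index in the view.
        if (!empty($usrall['User']['name'])) {
            $arrusr[] = substr(trim($usrall['User']['name']), 0, 1);
        }
        unset($user);
    }

    // Per-status member counts, filtered by the same search term as the listing.
    $active_user_cnt   = 0;
    $invited_user_cnt  = 0;
    $disabled_user_cnt = 0;
    $grpcount = $CompanyUser->query(
        'SELECT count(CompanyUser.id) as usrcnt , CompanyUser.is_active FROM company_users CompanyUser'
        . ' LEFT JOIN users User on CompanyUser.user_id=User.id WHERE CompanyUser.company_id=' . SES_COMP
        . ' AND User.email!="" AND (' . $search_query . ') GROUP BY CompanyUser.is_active '
    );
    if ($grpcount) {
        foreach ($grpcount as $val) {
            if ($val['CompanyUser']['is_active'] == 1) {
                $active_user_cnt = $val['0']['usrcnt'];
            } elseif ($val['CompanyUser']['is_active'] == 2) {
                $invited_user_cnt = $val['0']['usrcnt'];
            } elseif ($val['CompanyUser']['is_active'] == 0) {
                $disabled_user_cnt = $val['0']['usrcnt'];
            }
        }
    }

    // Nothing in this action populates $projArr; the view still expects the variable.
    $projArr = null;

    $this->set('active_user_cnt', $active_user_cnt);
    $this->set('invited_user_cnt', $invited_user_cnt);
    $this->set('disabled_user_cnt', $disabled_user_cnt);
    $this->set('caseCount', $tot[0][0]['total']);
    $this->set('page_limit', $page_limit);
    $this->set('page', $page);
    $this->set('casePage', $page);
    $this->set('projArr', $projArr);
    $this->set('userArr', $userArr);
    $this->set('role', $role);
    $this->set('type', $type);
    $this->set('user_srch', $user_srch);
    $this->set('arrusr', $arrusr);
    $this->set('totUser', $totUser);

    /* ------------------------------------------------------------------ */
    /* Password reset (mails the new password in clear, by design).        */
    /* ------------------------------------------------------------------ */

    $userUniqId = urldecode($queryParam('resetpassword'));
    if ($userUniqId !== '') {
        $userModel->recursive = -1;
        $getData = $findUserByUniqId($userUniqId, array('User.name', 'User.email'));
        if (!empty($getData)) {
            $name        = $getData['User']['name'];
            $to          = $getData['User']['email'];
            $newPassword = $this->Format->generatePassword(6);
            $subject     = "Orangescrum Reset Password";
            // The name comes from the database and lands in HTML, so it is escaped for that context.
            $safeName = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
            $message = "<table cellspacing='1' cellpadding='1' width='100%' border='0'>\n\t\t\t\t\t\t\t\t\t<tr><td> </td></tr>\n\t\t\t\t\t\t\t\t\t<tr><td align='left' style='font:normal 14px verdana;'>Hi " . $safeName . ",</td></tr>\n\t\t\t\t\t\t\t\t\t<tr><td> </td></tr>\n\t\t\t\t\t\t\t\t\t<tr><td align='left' style='font:normal 14px verdana;'>Your Password has been reset to <b>" . $newPassword . "</b></td></tr>\n\t\t\t\t\t\t\t\t\t<tr><td> </td></tr>\n\t\t\t\t\t\t\t\t\t<tr><td> </td></tr>\n\t\t\t\t\t\t\t\t</table>\n\t\t\t\t\t\t\t\t";
            if ($this->Sendgrid->sendGridEmail(FROM_EMAIL, $to, $subject, $message, "ResetPassword")) {
                // NOTE(review): the original computed this md5 digest but then stored a literal
                // placeholder string. Unsalted md5 is weak; whether the login path compares against
                // md5 is not visible here, so switching to password_hash() needs that side changed too.
                $passwordHash = md5($newPassword);
                $userModel->query(
                    "UPDATE users SET password=" . $ds->value($passwordHash, 'string')
                    . " WHERE uniq_id=" . $ds->value($userUniqId, 'string')
                );
                $this->Session->write("SUCCESS", "Password of '" . $name . "' reset successfully");
                $this->redirect(HTTP_ROOT . "users/manage/");
                return;
            }
        }
    }
}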