<?php

/*********************************************************************************
 * TES is a Time and Expense Management program developed by
 * Initechs, LLC. Copyright (C) 2009 - 2010 Initechs LLC.
 *
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License version 3 as published by the
 * Free Software Foundation with the addition of the following permission added
 * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
 * IN WHICH THE COPYRIGHT IS OWNED BY INITECHS, INITECHS DISCLAIMS THE WARRANTY
 * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License along with
 * this program; if not, see http://www.gnu.org/licenses or write to the Free
 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301 USA.
 *
 * You can contact Initechs headquarters at 1841 Piedmont Road, Suite 301,
 * Marietta, GA, USA. or at email address hide@address.com
 *
 * The interactive user interfaces in modified source and object code versions
 * of this program must display Appropriate Legal Notices, as required under
 * Section 5 of the GNU General Public License version 3.
 *
 * In accordance with Section 7(b) of the GNU General Public License version 3,
 * these Appropriate Legal Notices must retain the display of the "Initechs" logo.
 * If the display of the logo is not reasonably feasible for technical reasons,
 * the Appropriate Legal Notices must display the words "Powered by Initechs".

 ********************************************************************************/

// Project root is one level above users/; pull in the DB base class,
// the users configuration ($users_status_array) and the authorization helper.
$basedir = dirname(__FILE__) . '/..';
require_once $basedir . '/baseclass/DBCommonFunctions.php';
require_once $basedir . '/users/config.php';
require_once $basedir . '/baseclass/GetAuthorization.php';


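/**
 * Data-access object for the `users` table.
 *
 * Relies on the DBCommonFunctions base class for escapeString(), the
 * transaction helpers, getConnection(), chkQueryError(), getRecordCreator()
 * and the generic deleteRow(); on dbObj for row lookups; and on
 * userauthorization (GetAuthorization.php) for the 'users' authority level.
 *
 * All values are interpolated into SQL text, so every value that reaches a
 * query - including the uid, the logged-in user id and values read back
 * from the database - is passed through escapeString() first.
 */
class UserData extends DBCommonFunctions
{

	/**
	 * Inserts a new user row.
	 *
	 * @param string $id  login id (users_id)
	 * @param string $fn  full name
	 * @param string $pw  clear-text password (stored as an md5 digest, see note in body)
	 * @param string $em  e-mail address; may be empty
	 * @param string $jd  join date, 'ymd' form
	 * @param string $ti  title
	 * @param string $us  status key; must be a key of $users_status_array ('10' is the active status)
	 * @param string $rt  users_id of the manager this user reports to; may equal $id
	 * @param string $ug  user group
	 * @param string $at  authorizations_id; may be empty
	 * @param string $df  date format
	 * @param string $lan language
	 * @return mixed insert_id of the new row, as reported by the connection
	 * @throws iInvalidArgumentException when a required argument is empty
	 * @throws iInvalidDataException     when the join date or the status key is invalid
	 * @throws iBLError er0086 (bad e-mail), er0052 (unknown manager), er0050 (inactive manager),
	 *                  er0046 (unknown authorization list)
	 */
	public function createRow($id, $fn, $pw, $em, $jd, $ti, $us, $rt, $ug, $at, $df, $lan)
	{
		global $users_status_array;

		if ($id == '' or $fn == '' or $pw == '' or $jd == '' or $us == '' or $rt == '')
		{
			throw new iInvalidArgumentException();
		}

		if (!isValidDate($jd, 'ymd'))
		{
			throw new iInvalidDataException();
		}

		if (!array_key_exists($us, $users_status_array))
		{
			throw new iInvalidDataException();
		}

		$sid = $this->escapeString($id);
		$sfn = $this->escapeString($fn);
		// NOTE(review): the password is escaped *before* hashing, so the login
		// check must apply the same escapeString()+md5 to get a match - confirm.
		// md5 is unsalted and fast and is not an adequate password hash; moving
		// to password_hash()/password_verify() requires the login path to be
		// changed in the same release, so it is only flagged here.
		$spw = md5($this->escapeString($pw));
		$sem = $this->escapeString($em);
		$sjd = $this->escapeString($jd);
		$sti = $this->escapeString($ti);
		$sus = $this->escapeString($us);
		$srt = $this->escapeString($rt);
		$sug = $this->escapeString($ug);
		$sat = $this->escapeString($at);
		$sdf = $this->escapeString($df);
		$slan = $this->escapeString($lan);
		// createby / changeby are interpolated into SQL too, so escape them.
		$sby = $this->escapeString(loggedUserID());

		if ($sem <> '' and !valid_email_address($sem))
		{
			throw new iBLError('email', 'er0086');
		}

		// A user may report to themselves; any other manager must exist and be active.
		if (strtolower($sid) <> strtolower($srt))
		{
			$DbObj = new dbObj();
			$ManagerRow = $DbObj->fetchRow('users', 'users_id', $srt);
			if ($ManagerRow == null)							// Not a valid user id
			{
				throw new iBLError('reportto', 'er0052');
			}
			if ($ManagerRow['status'] <> '10')					// User is not active
			{
				throw new iBLError('reportto', 'er0050');
			}
		}

		if ($sat <> '')
		{
			$DbObj = new dbObj();
			$AuthRow = $DbObj->fetchRow('authorizationlists', 'authorizations_id', $sat);
			if ($AuthRow == null)								// Not a valid authorization list
			{
				throw new iBLError('authorizations_id', 'er0046');
			}
		}

		$this->beginTransaction();
		try
		{
			$query = <<<EOQ
INSERT INTO users (users_id, fullname, password, email, joindate, title, status, reportto, usergroup, createat, createby, changeby, authorizations_id, dateformat, language)
           VALUES ('$sid', '$sfn', '$spw', '$sem', '$sjd', '$sti', '$sus', '$srt', '$sug', now(), '$sby', '$sby', '$sat', '$sdf', '$slan')
EOQ;
			$conn = $this->getConnection();
			$conn->query($query);
			// Check the query result before trusting insert_id.
			$this->chkQueryError($conn, $query);
			$recid = $conn->insert_id;

			$this->commitTransaction();
			return $recid;
		}
		catch (Exception $e)
		{
			$this->rollbackTransaction();
			throw $e;
		}
	}


	/**
	 * Updates an existing user row (everything except the password).
	 *
	 * Authority: chkauthorityLevel('users', 'Edit') must not be 'none'; when it
	 * is 'own' the record must have been created by the logged-in user.
	 *
	 * @param mixed  $uid primary key of the row to update
	 * @param string $fn  full name
	 * @param string $em  e-mail address; may be empty
	 * @param string $jd  join date, 'ymd' form
	 * @param string $ti  title
	 * @param string $us  status key; must be a key of $users_status_array ('10' is the active status)
	 * @param string $rt  users_id of the manager; may equal the user's own users_id
	 * @param string $ug  user group
	 * @param string $at  authorizations_id; may be empty
	 * @param string $df  date format
	 * @param string $lan language
	 * @return void
	 * @throws iInvalidArgumentException when a required argument is empty
	 * @throws iInvalidDataException     when the join date or status key is invalid, or $uid does not exist
	 * @throws iBLError er0041 (no authority), er0086 (bad e-mail), er0052 (unknown manager),
	 *                  er0050 (inactive manager), er0051 (deactivating a user who still has
	 *                  reporting users), er0046 (unknown authorization list)
	 */
	public function updateRow($uid, $fn, $em, $jd, $ti, $us, $rt, $ug, $at, $df, $lan)
	{
		global $users_status_array;

		if ($uid == '' or $fn == '' or $jd == '' or $us == '' or $rt == '')
		{
			throw new iInvalidArgumentException();
		}

		if (!isValidDate($jd, 'ymd'))
		{
			throw new iInvalidDataException();
		}

		if (!array_key_exists($us, $users_status_array))
		{
			throw new iInvalidDataException();
		}

		$suid = $this->escapeString($uid);
		$sfn = $this->escapeString($fn);
		$sem = $this->escapeString($em);
		$sjd = $this->escapeString($jd);
		$sti = $this->escapeString($ti);
		$sus = $this->escapeString($us);
		$srt = $this->escapeString($rt);
		$sug = $this->escapeString($ug);
		$sat = $this->escapeString($at);
		$sdf = $this->escapeString($df);
		$slan = $this->escapeString($lan);

		$loggedinUser = loggedUserID();
		$sby = $this->escapeString($loggedinUser);

		$auth = new userauthorization();
		$authority = $auth->chkauthorityLevel('users', 'Edit');

		if ($authority == 'none'
			or ($authority == 'own' and $this->getRecordCreator('users', $uid) <> $loggedinUser))
		{
			throw new iBLError('nocategory', 'er0041');
		}

		if ($sem <> '' and !valid_email_address($sem))
		{
			throw new iBLError('email', 'er0086');
		}

		$DbObj = new dbObj();
		$UserRow = $DbObj->fetchRow('users', 'uid', $uid);
		if ($UserRow == null)
		{
			// Nothing to update; the checks below need the row's users_id.
			throw new iInvalidDataException();
		}
		// Keep the edited user's own login id; the lookups below reuse the
		// row variable for other users and must not overwrite it.
		$userid = $UserRow['users_id'];

		if ($userid <> $srt)
		{
			$ManagerRow = $DbObj->fetchRow('users', 'users_id', $srt);
			if ($ManagerRow == null) 				// Not valid user id
			{
				throw new iBLError('reportto', 'er0052');
			}
			if ($ManagerRow['status'] <> '10')		// User is not active
			{
				throw new iBLError('manager', 'er0050');
			}
		}

		if ($sus <> '10')
		{
			// A user who still has other users reporting to them may not be made inactive.
			$suserid = $this->escapeString($userid);
			$where = " reportto = '$suserid' and uid <> '$suid'";
			$ReportRow = $DbObj->fetchRowbyWhereClause('users', $where);
			if ($ReportRow <> null)
			{
				throw new iBLError('status', 'er0051');
			}
		}

		if ($sat <> '')
		{
			$AuthRow = $DbObj->fetchRow('authorizationlists', 'authorizations_id', $sat);
			if ($AuthRow == null)							// Not a valid authorization list
			{
				throw new iBLError('authorizations_id', 'er0046');
			}
		}

		$this->beginTransaction();
		try
		{
			$query = <<<EOQ
UPDATE users
SET
       fullname = '$sfn',
       email = '$sem',
       joindate = '$sjd',
       title = '$sti',
       status = '$sus',
       reportto = '$srt',
       usergroup = '$sug',
       authorizations_id = '$sat',
       dateformat = '$sdf',
       language = '$slan',
       changeby = '$sby'
 WHERE uid = '$suid'
EOQ;
			$conn = $this->getConnection();
			$conn->query($query);
			$this->chkQueryError($conn, $query);

			$this->commitTransaction();
		}
		catch (Exception $e)
		{
			$this->rollbackTransaction();
			throw $e;
		}
	}


	/**
	 * Deletes a user row after the user-specific guards pass, then defers to
	 * the generic DBCommonFunctions::deleteRow().
	 *
	 * @param string $table table name handed through to the parent (lookups here always use 'users')
	 * @param mixed  $uid   primary key of the row to delete
	 * @return void
	 * @throws iBLError er0088 (uid 1 is the admin account and cannot be deleted),
	 *                  er0056 (other users still report to this user)
	 */
	public function deleteRow($table, $uid)
	{
		if ($uid == 1) // user's uid=1 means this is admin user id. cannot be deleted
		{
			throw new iBLError('nocategory', 'er0088');
		}

		$DbObj = new dbObj();
		$UserRow = $DbObj->fetchRow('users', 'uid', $uid);

		// Only check for reporting users when the row exists; a missing row
		// would otherwise match every user whose reportto is empty. What the
		// parent does with an unknown uid is left to the parent.
		if ($UserRow != null)
		{
			$suserid = $this->escapeString($UserRow['users_id']);
			$where = " reportto = '$suserid'"; // User is a reported users
			$ReportRow = $DbObj->fetchRowbyWhereClause('users', $where);
			if ($ReportRow <> null)
			{
				throw new iBLError('nocategory', 'er0056');
			}
		}
		parent::deleteRow($table, $uid);
	}


	/**
	 * Changes a user's password.
	 *
	 * A user changing their own password ($id equal to the logged-in user id)
	 * skips the authority check; for anyone else
	 * chkauthorityLevel('users', 'ChangePassword') must not be 'none', and when
	 * it is 'own' the record must have been created by the logged-in user.
	 *
	 * @param mixed  $uid primary key of the user row
	 * @param string $id  login id (users_id) of that user
	 * @param string $pw  new clear-text password (stored as an md5 digest, see note in body)
	 * @return void
	 * @throws iInvalidArgumentException when any argument is empty
	 * @throws iBLError er0041 (no authority)
	 */
	public function updatePwd($uid, $id, $pw)
	{
		if ($uid == '' or $id == '' or $pw == '')
		{
			throw new iInvalidArgumentException();
		}

		$suid = $this->escapeString($uid);
		$sid = $this->escapeString($id);
		// Same escape-then-md5 scheme as createRow(); the login check must
		// match it. md5 is not an adequate password hash - see createRow().
		$spw = md5($this->escapeString($pw));

		$loggedinUser = loggedUserID();
		$sby = $this->escapeString($loggedinUser);

		if ($sid <> $loggedinUser)
		{
			$auth = new userauthorization();
			$authority = $auth->chkauthorityLevel('users', 'ChangePassword');

			if ($authority == 'none'
				or ($authority == 'own' and $this->getRecordCreator('users', $uid) <> $loggedinUser))
			{
				throw new iBLError('nocategory', 'er0041');
			}
		}

		$this->beginTransaction();
		try
		{
			$query = <<<EOQ
UPDATE users
SET
       password = '$spw',
       changeby = '$sby'
 WHERE uid = '$suid'
EOQ;
			$conn = $this->getConnection();
			$conn->query($query);
			$this->chkQueryError($conn, $query);

			$this->commitTransaction();
		}
		catch (Exception $e)
		{
			$this->rollbackTransaction();
			throw $e;
		}
	}


}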


?>